how to use authRateLimits?
I see auth schema has authRateLimits defined and its in docs but not much info available on how to ratelimit the auth e.g. magic emails
2 Replies
The rate limiting is automatic. Convex Auth rate limits all sign-ins where users provide email + (short) secret, so in OTP and Password flows.
The library doesn't rate limit magic links (the code is long enough to not be bruteforceable) or OAuth.
You can configure the rate limit via this option:
https://labs.convex.dev/auth/api_reference/server#signinmaxfailedattempsperhour
server - Convex Auth
Authentication library for your Convex backend
ty michal will take a look 💪