LionC
commented
9 months ago Thanks for the suggestion!
I think this should be the concern of a different middleware to put in front of this one, and I think there are already some options to do that. Closing as out of scope for now.
To avoid bad actors abusing the auth and trying to brute-force their way in, a back-off algorithm based on IPs would be nice to have