I've been trying to see how can I limit the number of codes being send to an email during the signup/reset password. I couldn't find a simple solution from Azure for that.
What I could find is: configuring AFD (azure front door) limit for API calls but that's also kind of complicated and doesn't work 100%.
is there any better solution? there has to be something. thanks.
Have you tried OneTimePasswordProtocolProvider's NumCodeGenerationAttempts? This is still not the ideal solution as the user can start a new session and still continue to spam