How to detect that a user is locked with Admin Rest API?

when a user enters a wrong user name or password we get an error “Unauthorized - Invalid user credentials”
which makes sense.

but in our configuration after 5 attempts the user is locked
when we send another login with bad credentials we still get “Unauthorized - Invalid user credentials”, BUT we have no way to know that the user is locked at this point

someone already asked this 5 years ago in this SOF post

but I don’t get the answer he received.

for example, one option is to send:
GET /{realm}/attack-detection/brute-force/users/{userId}
but I have 2 problems with this approach:

  1. I don’t have the userId. I have the user name
  2. in order to invoke this endpoint I need to be authenticated - which is a paradox since I’m handling with a failed login attempt

is there no other way to understand that a user is locked?

Hi @amir. Did you ever figure this out?