Adding info about login throttling

rate_limiter.rst

@@ -11,7 +11,7 @@ defensive measure to protect services from excessive use (intended or not) and
 maintain their availability. It's also useful to control your internal or
 outbound processes (e.g. limit the number of simultaneously processed messages).
 
-Symfony uses these rate limiters in built-in features like "login throttling",
+Symfony uses these rate limiters in built-in features like :ref:`login throttling <security-login-throttling>`,
 which limits how many failed login attempts a user can make in a given period of
 time, but you can use them for your own features too.
 

security.rst

@@ -1368,6 +1368,8 @@ Enable remote user authentication using the ``remote_user`` key:
     :ref:`the configuration reference <reference-security-firewall-remote-user>`
     for more details.
 
+.. _security-login-throttling:
+
 Limiting Login Attempts
 ~~~~~~~~~~~~~~~~~~~~~~~
 

security/custom_authenticator.rst

@@ -168,6 +168,11 @@ can define what happens in these cases:
     useful for e.g. login forms, where the login controller is run again
     with the login errors.
 
+    If you're using :ref:`login throttling <security-login-throttling>`,
+    you can check if ``$exception`` is an instance of
+    :class:`Symfony\\Component\\Security\\Core\\Exception\\TooManyLoginAttemptsAuthenticationException`
+    (e.g. to display an appropriate message).
+
     **Caution**: Never use ``$exception->getMessage()`` for ``AuthenticationException``
     instances. This message might contain sensitive information that you
     don't want to be publicly exposed. Instead, use ``$exception->getMessageKey()``