• Home
  • Categories
  • Recent
  • Popular
  • Pricing
  • Contact us
  • Docs
  • Login
FusionAuth
  • Home
  • Categories
  • Recent
  • Popular
  • Pricing
  • Contact us
  • Docs
  • Login

Gated Users still can get a JWT token

Scheduled Pinned Locked Moved
General Discussion
2
2
283
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • A
    andrey.dzhezhora
    last edited by 21 Jul 2022, 06:28

    I enable the functionality of “Gate Users Until They Verify Their Email”
    but even after doing step by step manual(https://fusionauth.io/docs/v1/tech/tutorials/gating/gate-accounts-until-user-email-verified) unverified email users still can get jwt token via API , anyone familiar with this strange behavior .?

    D 1 Reply Last reply 16 Aug 2022, 03:05 Reply Quote 0
    • D
      dan @andrey.dzhezhora
      last edited by 16 Aug 2022, 03:05

      @andrey-dzhezhora

      Hmmm. What does the login API return as a status code. My guess, from reading the docs, is that it returns a 212, as specified here: https://fusionauth.io/docs/v1/tech/apis/login#authenticate-a-user

      This is still a kind of success, and if you are using the Login API, you are expected to consume the response codes and make appropriate limitations based on that.

      Does that make sense?

      If, on the other hand, you are getting a 200 for this user, that seems like a bug. Or at least something is going on that I don't understand.

      --
      FusionAuth - Auth for devs, built by devs.
      https://fusionauth.io

      1 Reply Last reply Reply Quote 0
      • First post
        Last post