user.email.verified webhook not firing

twosevenxyz · 30 Aug 2020, 21:16

When I call the relevant APIs to create a user account, FusionAuth sends them a verification email. However, when they verify their account, my configured user.email.verified webhook does not fire. I have also tried user.create webhook and that does not work either.
I'm quite certain that the webhook itself has been configured correctly, since the webkhook test works as expected. It's just that it never automatically triggers when a user verifies their email. What am I doing wrong?

dan · 31 Aug 2020, 22:21

Hiya,

I was not able to replicate this issue. I am running FusionAuth 1.18.7.

I set up email verifications for registrations on the application and enabled email verifications on the tenant. I set up an SMTP server in the "Email" tab of the tenant as well (was modifying the default tenant). I also made sure to enable self service registrations.

Then I set up a webhook. I used https://webhook.site/ so I didn't set anything up locally. I configured this webhook under "Settings" and then "Webhooks". Then I went to the default tenant and enabled the user.email.verified webhook event.

I then opened up an incognito browser and registered for the application. I got the email (used the default email template) and when I clicked on it, I was registered with a verified email. I then checked out the webhook and saw it fired:

{
  "event": {
    "type": "user.email.verified",
    "createInstant": 1598911988667,
    "id": "9d21ad3f-9f98-4eef-b69c-ee7326045387",
    "tenantId": "30663132-6464-6665-3032-326466613934",
    "user": {
      "active": true,
      "connectorId": "e3306678-a53a-4964-9040-1c96f36dda72",
      "email": "dan@example6.com",
      "firstName": "dan",
      "id": "8ffee38d-48c3-48c9-b386-9c3c114c7bc9",
      "insertInstant": 1598911974759,
      "lastLoginInstant": 1598911974847,
      "lastUpdateInstant": 1598911974759,
      "passwordChangeRequired": false,
      "passwordLastUpdateInstant": 1598911974800,
      "registrations": [
        {
          "applicationId": "85a03867-dccf-4882-adde-1a79aeec50df",
          "data": {
            "geographicarea": "",
            "maxprice": 1,
            "minprice": 1
          },
          "id": "7b86d397-3e7d-4f39-9cf2-f2b092f8ee51",
          "insertInstant": 1598911974846,
          "lastLoginInstant": 1598911974847,
          "lastUpdateInstant": 1598911974846,
          "usernameStatus": "ACTIVE",
          "verified": true
        }
      ],
      "tenantId": "30663132-6464-6665-3032-326466613934",
      "twoFactorDelivery": "None",
      "twoFactorEnabled": false,
      "usernameStatus": "ACTIVE",
      "verified": true
    }
  }
}

Can you give me more information as to how your system is configured?

what version are you running?
did you get the emails?
did you configure webhooks in both locations (under settings and tenants)?

twosevenxyz · 1 Sept 2020, 04:12

I think the difference between what you are doing and what I'm doing is that I'm creating accounts via APIs.

await fusionAuthClient.register({
  registration: {
    applicationId: clientId
  },
  user: {
    email,
    password,
    data: {
      hasPassword: true,
      loginsCount: 0
    }
  }
})

When I do this, FusionAuth sends out a verification email to the user. However, when the user verifies their email by clicking the link in the verification email, the user.email.verified webhook does not fire.
Also, the user.create webhook does not fire when I register the user (create+register) as shown above.

What version are you running? v1.18.8
Did you get the emails? No. However, I get an email when I perform the webhook test.
Did you configure webhooks in both locations (under settings and tenants)? Yes

dan · 9 Jan 2020, 21:09

Hiya, thanks, I see you mentioned it was via the API in the first place. Doh!

I think maybe the issue is that your user JSON isn't correct. I'm pretty sure you want to use this:

await fusionAuthClient.register({
  registration: {
    applicationId: clientId
  },
  user: {
    email : "realemail@example.com",
    password : "password",
    data: {
      hasPassword: true,
      loginsCount: 0
    }
  }
})

I think javascript is doing something funky with email and password (maybe treating the email as the key) and thus the user isn't even created. But that could be a typo.

I used this curl script to create a user and got an email and a webhook. Two webhook events were received, the user.create initially and then, when the email was verified, the user.email.verified event.

curl -vvv -XPOST -H 'Content-type: application/json' -H "Authorization: $API_KEY" 'http://localhost:9011/api/user/registration' -d' { "registration": { "applicationId": "85a03867-dccf-4882-adde-1a79aeec50df" }, "user": { "email" : "dan@example8.com", "password" : "secretpw", "data": { "hasPassword": true, "loginsCount": 0 } }}'

Can you please try to recreate with the curl script and let me know if you still see the issue?

dan · 1 Sept 2020, 21:20

Related bug report: https://github.com/FusionAuth/fusionauth-issues/issues/842