FusionAuth
    • Home
    • Categories
    • Recent
    • Popular
    • Pricing
    • Contact us
    • Docs
    • Login
    1. Home
    2. appeal
    3. Best
    A
    • Profile
    • Following 0
    • Followers 0
    • Topics 2
    • Posts 7
    • Best 2
    • Controversial 0
    • Groups 0

    Best posts made by appeal

    • Failing webhook on user.login.success gives weird feedback

      We have a webhook that's checking, using a web-request to a separate system, if a user logging in has access to the given application. The webhook is fired on user.login.success.

      There's some logic that compares the authorized applications on our end with the registrations in the FusionAuth-event-data.

      When this check fails the webhook returns 401 and the login-attempt is cancelled.

      This works nicely when MFA is disabled. As soon as it is enabled, though, the webhook is called after a valid MFA-code is entered, and the error message in the FusionAuth-interface says: 'invalid code'. That is entirely not the case though. The code is valid, but the webhook 'failed'.

      This is the last remaining hiccup we have, UX-wise, before we can launch our FusionAuth-instance. Is there something we can do about this?

      posted in Comments & Feedback
      A
      appeal
    • RE: Failing webhook on user.login.success gives weird feedback

      @dan Hi Dan, I don't believe I am.

      To me it feels like the failing webhook cancels an otherwise successful response (since the webhook is only called on user.login.success). This event is only called after the MFA is (successfully) entered, or, with MFA disabled, when a user successfully logs in. To reiterate: when failing a MFA-disabled login it shows the Webhook-error, when failing with MFA-enabled it shows the 'invalid code'-error.

      posted in Comments & Feedback
      A
      appeal