Open mooreds opened 3 years ago
noe-charmet
commented
3 years ago Thanks for the efficiency here 👍
I'll chip in with extra details on our use cases.
We use the authentication events for our user activity metrics. We parse the user-agent to obtain some insight on the devices used by our users.
We have developed a custom anomaly detection system for user authentication that relies on the client passing a device ID when authenticating.
robotdan
commented
3 years ago Related, added IP address here. https://github.com/FusionAuth/fusionauth-issues/issues/1162
We could also look at adding additional info from the HTTP request. The User-Agent is a good idea.
robotdan
commented
2 years ago As of 1.30.0, we should now have User-Agent, IP address, IP location (if Threat Detection is enabled), and any other data provided on the login request event info. https://fusionauth.io/docs/v1/tech/release-notes/#version-1-30-0
Please re-open if we are still missing something you'd like to see.
https://fusionauth.io/docs/v1/tech/apis/login/#authenticate-a-user
It may be that the new event info object is not documented yet on the Login API. The Login request payload can optionally take an eventInfo object.
For example:
{
"eventInfo": {
"data": {
"deviceId": "12345"
},
"deviceDescription": "my awesome iPhone",
"deviceName": "iPhone",
"deviceType": "mobile",
"ipAddress": "42.42.42.42",
"os": "iOS 12",
"userAgent": "Safari"
}
}@mooreds or @jobannon can you double check we have this documented? It is part of the base login request, so this affects several APIs.
mooreds
commented
2 years ago Nope, it's not documented. We'll need to do that.
There are two related things that lack for us in the events and that would allow us to migrate more easily.
/oauth2/authorize?myParam=valueThese are both used for security features, and that we currently are getting from our current authentication provider.
Originally posted by @noe-charmet in https://github.com/FusionAuth/fusionauth-issues/issues/1162#issuecomment-822594754