Open matt1hathcock opened 2 years ago
This is either a doc bug (we should document this behavior) or a product bug (we should catch thrown exceptions from a lambda). I vote for the latter, as I think it is more consistent to have only webhooks be able to intervene in the login flow, but either option works.
What was the expected behavior in this case? Currently if you throw an exception in the lambda, it will fail the login request, this is by design.
Excellent, then we should document this.
The alternative is that we don't allow thrown exceptions to stop the login process. But if this is working as designed, I'll just document it.
I would consider this a dev time issue. I would hesitate to mask the exception because it may affect data integrity depending upon what is happening in the lambda, and what the user of FusionAuth expects the user to look like after a login is complete.
Need to add some notes here as this was done with a reconcile lambda.
@robotdan This behavior is not the same in the JWT populate lambda as the user is still authenticated and redirected to the application
Per https://github.com/FusionAuth/fusionauth-site/pull/1670 we should not document this behavior for now.
Throwing Exception within Reconcile Lambda Exits Login Flow
Description
I configured the Google IdP with a working client id and secret to succesfully login users via Google.
User login was sucessful.
I then added some javascript to the Google Reconcile Lambda to throw an exception.
The lambda was then added to the Google IdP.
Upon attempting to login again the login failed.
The error message is shown as pictured.
Related