Add API to look up a user by an email address without using the /api/user?loginId=<email> GET request
Problem
I need to:
1. add a user via the create user API
2. immediately look up that user by email for additional processing
I can't use /api/user?loginId=<email> because it logs PII (the user's email) in any proxies that exist between my service and FusionAuth.
I also want to keep using the Elasticsearch search engine, but that has some issues (see below, under workarounds).
Solution
I'd like an API that looks the user up by email address, but is a POST so that the PII is not captured in any log files.
Alternatives/workarounds
Poll Elasticsearch, using the User Search API. However, there's some lag in the ES index update. This typically doesn't take long, but it's hard to know how long you should poll for if you are trying to find out whether a user exists.
If you have no need of advanced searching capabilities, you could switch to the database search engine and POST to the search endpoints and hit the database directly. However, this takes away a major advantage of using FusionAuth, the rich search capabilities.
If the process in step 2 can receive a webhook, FusionAuth can fire one on successful user creation, with full user details. This decouples the process, but may introduce complexity.
If you can generate a UUID (v4) ahead of time, you can use it for user.id during creation. Then, the process in step 2 can look up the user by UUID, which directly hits the database no matter which user search engine you are using. This kind of search will work with single or multiple UUIDs.
GET the /api/user?loginId=<email> API. Here's an article from a Google employee: https://medium.com/google-cloud/protect-sensitive-info-in-logs-using-google-cloud-4548211d4654 on how to do so using Google services (if you are in GCP). Analogous options exist for any other cloud/envt but may be complex/expensive to set up.
Additional context
This was a customer request.
Community guidelines
All issues filed in this repository must abide by the FusionAuth community guidelines.
How to vote
Please give us a thumbs up or thumbs down as a reaction to help us prioritize this feature. Feel free to comment if you have a particular need or comment on how this feature should work.
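The pre-generated UUID workaround described above, as an added example that is not part of the original issue or FusionAuth's own code: it builds the create and lookup requests without sending them and checks what a proxy access log would see in each request line. The host, API key, sample email and helper names are assumptions; the paths assume FusionAuth's create-with-ID (`POST /api/user/{userId}`) and retrieve-by-ID (`GET /api/user/{userId}`) forms.

```python
import json
import uuid
from urllib.parse import quote
from urllib.request import Request

BASE_URL = "https://auth.example.com"   # assumption: placeholder FusionAuth host
API_KEY = "PLACEHOLDER-API-KEY"          # assumption: placeholder API key


def build_create_and_lookup(email, password):
    """Return (user_id, create_request, lookup_request) for the UUID workaround."""
    user_id = str(uuid.uuid4())  # v4 UUID chosen by the caller before creation
    headers = {"Authorization": API_KEY, "Content-Type": "application/json"}
    # Create: the caller-chosen ID goes in the path, the email only in the JSON body.
    body = json.dumps({"user": {"email": email, "password": password}}).encode()
    create = Request(f"{BASE_URL}/api/user/{user_id}", data=body,
                     headers=headers, method="POST")
    # Lookup: by ID only, so the request line carries no email address.
    lookup = Request(f"{BASE_URL}/api/user/{user_id}",
                     headers={"Authorization": API_KEY}, method="GET")
    return user_id, create, lookup


def request_line(req):
    """What a typical proxy access log records: method plus path and query string."""
    return f"{req.get_method()} {req.selector}"


def leaks_email(req, email):
    """True if the email appears in the request line, raw or percent-encoded."""
    line = request_line(req).lower()
    return email.lower() in line or quote(email, safe="").lower() in line


if __name__ == "__main__":
    email = "alice@example.com"  # constructed sample value
    uid, create, lookup = build_create_and_lookup(email, "constructed-password")
    for req in (create, lookup):
        print(request_line(req), "| email in request line:", leaks_email(req, email))
    # The request the issue wants to avoid, for comparison:
    legacy = Request(f"{BASE_URL}/api/user?loginId={quote(email, safe='')}",
                     method="GET")
    print(request_line(legacy), "| email in request line:", leaks_email(legacy, email))
```

The same `leaks_email` check can be pointed at any other request a service builds before it goes out through a logging proxy.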