FusionAuth / fusionauth-issues

FusionAuth issue submission project
https://fusionauth.io

[Bug]: Login via FA SSO session transmits a user.login.success event (if configured) but does not fail login if transactional #2643

Open jobannon opened 4 months ago

jobannon commented 4 months ago

What happened?

  1. Set up a user.login.success webhook
  2. Enable this webhook on the tenant with a TX setting of all webhooks must succeed
  3. In your webhook listener, return a non-200 response to the user.login.success webhook
  4. See that the user is able to obtain a new AT + RT and able to complete login with only an SSO session active (that is, they have no active RT and no AT).

We should either

  1. Fail the login (as our TX webhook is returning non-200 here)
  2. Not send a user.login.success event when there is an active SSO session (as the user is "logged in already" depending on your viewpoint of what a FA SSO session is)
  3. Create a separate event called user.login.sso.success to transmit events in these scenarios.

Version

1.48.3

Affects Versions

No response
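A minimal listener for reproducing step 3 of the report, added here as an example and not part of the issue or of FusionAuth's code: it vetoes only user.login.success deliveries with a 500 and records every event type it sees, so the tester can check whether an SSO-session login still completes after the veto. The payload shape (an "event" wrapper carrying "type" and "user") follows FusionAuth's webhook format; the sample values and the port are constructed.

```python
import json
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed sample payload in the shape FusionAuth posts to webhooks
# ("event" wrapper with a "type" field). Values are made up for the example.
SAMPLE_LOGIN_EVENT = {
    "event": {
        "type": "user.login.success",
        "id": "00000000-0000-0000-0000-000000000001",
        "user": {"id": "00000000-0000-0000-0000-0000000000aa", "email": "test@example.com"},
    }
}

# Every event the listener has seen, so the tester can confirm that a
# user.login.success arrived for the SSO-session login being reproduced.
RECEIVED: list[dict] = []

def decide(payload: dict) -> tuple[int, dict]:
    """Return (status, body) for one webhook delivery.

    A non-2xx status is the veto for a transactional webhook; this listener
    vetoes only user.login.success, as in step 3 of the report.
    """
    event = payload.get("event", {})
    event_type = event.get("type")
    RECEIVED.append({"type": event_type, "user": event.get("user", {}).get("id")})
    if event_type == "user.login.success":
        return 500, {"vetoed": True, "type": event_type}
    return 200, {"vetoed": False, "type": event_type}

class WebhookHandler(BaseHTTPRequestHandler):
    def do_POST(self):
        length = int(self.headers.get("Content-Length") or 0)
        payload = json.loads(self.rfile.read(length) or b"{}")
        status, body = decide(payload)
        data = json.dumps(body).encode()
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

if __name__ == "__main__":
    # Point the tenant's webhook URL at http://<this host>:8080/ (constructed
    # port) and watch whether the SSO-session login still completes after the 500.
    HTTPServer(("0.0.0.0", 8080), WebhookHandler).serve_forever()
```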