Enable this webhook on the tenant with a TX setting of "all webhooks must succeed"
In your webhook listener, return a non-200 response to the user.login.success webhook
See that the user is able to obtain a new AT + RT and able to complete login with only an SSO session active (that is, they have no active RT and no AT).
We should either:
Fail the login (as our TX webhook is returning non-200 here)
Not send a user.login.success event when there is an active SSO session (as the user is "logged in already" depending on your viewpoint of what a FA SSO session is)
Create a separate event called user.login.sso.success to transmit events in these scenarios.
What happened?
Version
1.48.3
Affects Versions
No response
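
An added example, not part of the original issue or FusionAuth's own code: a minimal listener for the reproduction step that answers non-200 to user.login.success and 200 to every other event, recording each decision so it can be compared with whether the login completed. The payload shape (`{"event": {"type": ...}}`), the 403 status, and the 127.0.0.1:8080 bind address are assumptions.

```python
import json
from http.server import BaseHTTPRequestHandler, HTTPServer

# Event types this listener vetoes with a non-200 answer (assumption: repro setup).
REJECTED_EVENT_TYPES = {"user.login.success"}

# (event type, status sent) for every POST seen, to compare against login outcome.
DECISIONS = []


def status_for(body: bytes) -> int:
    """Return the HTTP status to send for one webhook POST body."""
    try:
        event_type = json.loads(body)["event"]["type"]
    except (ValueError, KeyError, TypeError):
        DECISIONS.append((None, 400))
        return 400  # not a recognisable event envelope
    status = 403 if event_type in REJECTED_EVENT_TYPES else 200
    DECISIONS.append((event_type, status))
    return status


class WebhookHandler(BaseHTTPRequestHandler):
    def do_POST(self):
        length = int(self.headers.get("Content-Length", 0))
        status = status_for(self.rfile.read(length))
        self.send_response(status)
        self.send_header("Content-Length", "0")
        self.end_headers()


# Constructed sample bodies (not captured from a real tenant).
SAMPLE_LOGIN = json.dumps({"event": {"type": "user.login.success"}}).encode()
SAMPLE_OTHER = json.dumps({"event": {"type": "user.create"}}).encode()

if __name__ == "__main__":
    # Assumed bind address; point the tenant's webhook URL at it.
    HTTPServer(("127.0.0.1", 8080), WebhookHandler).serve_forever()
```

If a 403 for user.login.success appears in `DECISIONS` and the user still receives a new AT + RT, the transactional setting did not block the SSO-session login.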