patchUser respond 404 from webhook on user.registration.create event

muravyov.alexey

I try to use google IdP to create new user and update user.data object on user.registration.create and use it further to populate access token.
Also I use same webhook to update FA's user on user.user.login success just to be sure that it works correctly.
I replace real google account with MY_GOOGLE_ACCOUNT@gmail.com

FusionAuth version [1.31.0]

Preconditions:
1 have google account;
2 have no user in FA's DB for this google account or same email;
3 have webhook for user.registration.create event;
4 tenants > edit tenant > webhooks > user.create: "All the webhooks must succed";
5 tenants > edit tenant > webhooks > user.registration.create: "All the webhooks must succed";
6 Applications > MyApp > Self service registration: enabled;
7 Settings > Identity Providers > Edit Google: for MyApp "Create registration" enabled.

When I click 'Login with Google' button
I see in backend logs:

FusionAuth event:  user.create
FusionAuth event:  user.create.complete
FusionAuth event:  user.registration.create
populateFusionAuthUser on event:  user.registration.create
event.user.data: { identityProvider: [Object], accountId: undefined }
try to patch FusionAuth user:  
{
  "userId": "4fb531ce-5fbf-4da6-b251-7ab7291326d2",
  "userRequest": {
    "user": {
      "email": "MY_GOOGLE_ACCOUNT@gmail.com",
      "data": {
        "accountId": "30c36365-7224-4d01-8f9c-cf1d0fca3986"
      }
    }
  }
}
patchUser error: {
 "statusCode": 404
 }
FusionAuth event:  user.registration.create.complete
event.user.data: { identityProvider: [Object], accountId: undefined }
FusionAuth event:  user.login.success
event.user.data: { identityProvider: [Object], accountId: undefined }
populateFusionAuthUser on event:  user.login.success
try to patch FusionAuth user:  
{
  "userId": "4fb531ce-5fbf-4da6-b251-7ab7291326d2",
  "userRequest": {
    "user": {
      "email": "MY_GOOGLE_ACCOUNT@gmail.com",
      "data": {
        "accountId": "30c36365-7224-4d01-8f9c-cf1d0fca3986"
      }
    }
  }
}
FusionAuth event:  user.update
FusionAuth event:  user.update.complete
data: { accountId: '30c36365-7224-4d01-8f9c-cf1d0fca3986', identityProvider: [Object] }

So it looks like patchUser can't found user record to patch. How it can be?
I suppose on user.registration.create user entity exist in FA and allowed to patch.

joshua

@muravyov-alexey

I wonder if you are running into this limitation of webhooks and newly created users.

https://fusionauth.io/docs/v1/tech/events-webhooks/writing-a-webhook/#calling-fusionauth-apis-in-webhooks

There are a few workarounds that you could try in this documentation.

Let us know if this gets you closer to a solution or we can keep troubleshooting.

Thanks,
Josh

muravyov.alexey

@joshua
in the documentation we have 3 workaround
the first I can't use because users are self registering
the third is not applicable to because I need custom data when a first access token will be generated
the second case it is what I try to use
the documentation says that on user.registration.create event the user alredy exist in FA's database, but my logs show it isn't.
Same case work when I use email/password authentication but when I use google authentication it can't patch user on user.registration.create event, and this is strange

I wonder do we have same sequence of events' transactions in this both case (login with email/password and login with IdP) or it can be different?

Thanks,
Alexey

joshua

@muravyov-alexey

I keep circling back to this error

event.user.data: { identityProvider: [Object], accountId: undefined }

I am may need some more context to know why this undefined?

I wonder do we have same sequence of events' transactions in this both case (login with email/password and login with IdP) or it can be different?

Can you elaborate on this question?

Thanks,
Josh

muravyov.alexey

@joshua
Yes. I have checked this.
accountId it is exectly what I try to patch by API userPatch method.
This line is part of console.log result of event object, before I try to patch it:
event.user.data: { identityProvider: [Object], accountId: undefined }
Reason why we have accountId is TSOA and Typescript

interface FusionAuthEvent {
    type: string;
    user?: {
        id: string;
        email?: string;
        verified?: boolean;
        data?: FusionAuthCustomUserData;
    }
}

interface FusionAuthCustomUserData {
    accountId?: string;
    identityProvider?: {
        name: SocialProvider;
        userId: string;
    }
}
...
public async fusionAuthWebhook(@Request() request, @BodyProp() event: FusionAuthEvent) {...}

As I understand decorator @BodyProp create event object from scratch looking on type definition FusionAuthEvent and populate it from posted data.
So if accountId didn't come decorator set it undefined.

But it should not influe of the issue because on user.login.success same code works well.

Thanks.

joshua

@muravyov-alexey

Sorry for the delay on this one -

Can you confirm the client libraries that you are using?

Also, can you confirm the version of FusionAuth that you are using?

Thanks,
Josh

muravyov.alexey

@joshua

FA version 1.31.0
typescript-client-1.32.1