Unique username and email at the same time

kasir-barati

username, and email uniqueness.

We wanna let users to register with unique usernames, and email addresses. I know that we can store the email/username in the user.data field, which is not required to be unique. And we know that we cannot specify username and email at the same time. Look at this error message you'll get when you try to specify both:

{
  statusCode: 400,
  exception: {
    fieldErrors: {
      'user.email': [
        {
          code: '[blank]user.email',
          message: 'You must specify either the [user.email] or [user.username] property. If you are emailing the user you must specify the [user.email].'
        }
      ],
      'user.username': [
        {
          code: '[blank]user.username',
          message: 'You must specify either the [user.email] or [user.username] property. If you are emailing the user you must specify the [user.email].'
        }
      ]
    },
    generalErrors: []
  }
}

I was trying to update a user with following code:

await fusionAuthClient.updateUser(id, {
  user: {
    lastName: updateUserInfoDto.lastName,
    firstName: updateUserInfoDto.firstName,
    uniqueUsername: updateUserInfoDto.username,
  },
});

So here is a similar Q&A: https://fusionauth.io/community/forum/post/3055

Qustion

I am trying to emphasis that just by saving username in user.data we will be able to have both username and email but applying rules such as uniqueness would require more manual work. Cannot we just tell FusionAuth to make sure that user.data.username should be unique in that application or tenant?

I really do not like to check it manually in my backend considering how costly and inefficient it would be;

1. Send an HTTP req to FusionAuth API to fetch all the users.
2. Loop over them to verify user.data.username is not equal to the one that is entered by the user.
3. Update user.

Or at least that's how I though about its implementation.

kasir-barati

GH issue: https://github.com/FusionAuth/fusionauth-issues/issues/185

kasir-barati

It seems like I do not have any mean to implement this in FusionAuth, I search for a way to define new constraints in DB for user.data field but no luck.

Then the other option is a vulgar way of doing it, fetching all users and then looping over users and comparing the user.data.username with the new one. It is not gonna work in a medium-size or large user base app.

I can think of one more option which is saving all usernames in my MongoDB database which can work but is not what I would volunteer for it.

Any suggestion?

kasir-barati

I can also think of one ugly solution which is not very pleasant for the users and that would be generating usernames by concatenating firstName, lastName and a random hexadecimal string.

kasir-barati

Coming back to this thread to update you on something really weird, FusionAuth is throwing an error when I try to have email and user.data.username. I thought FusionAuth really do not care about what is inside the data. Or maybe I am misconfiguring somethings .

It's error message: You must specify either the [user.email] or [user.username] property. If you are emailing the user you must specify the [user.email].

kasir-barati

Ahhhhhh, this error is getting on my nerves: You must specify either the [user.email] or [user.username] property. If you are emailing the user you must specify the [user.email]

The thing is that I am setting the user's email to enable them login and then inside data object I am setting a username for the future use, but as of now it is kinda random and automatically generated at the registration time.

So why the heck is FusionAuth SDK for Typescript returns a client response with this error is a mystery for me.

It should not do it under normal circumstances, according to my understanding you can only use email or username, and I am setting email as the way to login but username is inside the data and that should not interfere with anything IMO.

I am trying to update this user that was created automatically with Terraform:

resource "fusionauth_user" "you-say-temp-user" {
  tenant_id                = fusionauth_tenant.you-say-tenant.id
  email                    = "souma.kazuya@you-say.com"
  first_name               = "Souma"
  last_name                = "Kazuya"
  password                 = "souma.kazuya"
  skip_verification        = true
  password_change_required = false
  data = jsonencode({
    username : "souma_kazuya"
  })
}

And here is the TS code that I am using to update it, as you can see I am not even touching username:

await this.fusionAuthClient.updateUser(id, {
  user: {
    lastName: updateUserInfoDto.lastName,
    firstName: updateUserInfoDto.firstName,
  },
});

It would be really great if someone could leave a comment setting myself aside ありがとう.

dan

@kasir-barati Hiya, welcome to FusionAuth. Sorry, just ran across your forum post today.

There is no way to assign constraints to user.data fields within FusionAuth, but there is an open issue that I encourage you to upvote.

You can require usernames to be unique in a tenant, using the Unique usernames setting. It is, however a feature which requires a paid plan.

Another alternative, rather than

fetching all users and then looping over users
would be to search for the username before creating the user. Using the search functionality that wouldn't require scanning all the users. You can use a transactional webhook to fail user creation if your uniqueness rules are not met.