FusionAuth
    • Home
    • Categories
    • Recent
    • Popular
    • Pricing
    • Contact us
    • Docs
    • Login
    1. Home
    2. Tags
    3. lambda
    Log in to post
    • All categories
    • W

      Why FusionAuth Webhooks Show ONE_TIME_PASSWORD Authentication Type for Logins

      Frequently Asked Questions (FAQ)
      • webhooks webhook lambda • • wesley
      2
      0
      Votes
      2
      Posts
      54
      Views

      W

      Great question—this often causes confusion.

      In FusionAuth, logging in after a Forgot Password flow is tracked as ONE_TIME_PASSWORD. That’s because, technically, FusionAuth uses a one-time password during that process. For example, if you look at the Change a User’s Password API, it returns a one-time password token. On the hosted pages, FusionAuth automatically consumes this token to sign the user in immediately after they reset their password via the forgot password link in their email.

      So even without traditional OTP or MFA configured, these login events can appear as ONE_TIME_PASSWORD due to password reset flows.

    • W

      How to Retrieve and Replay Failed Webhook Events in FusionAuth

      Frequently Asked Questions (FAQ)
      • webhooks lambda webhook • • wesley
      2
      0
      Votes
      2
      Posts
      38
      Views

      W

      FusionAuth provides an API to search for webhook event logs, including failed events. For example, you can use this endpoint:

      /api/system/webhook-event-log/search?start=<timestamp>&end=<timestamp>&eventResult=Failed

      This will return all webhook events in the specified time frame that failed. More details are here:
      Search Webhook Event Logs

      In the API response, the event section contains the original payload that was sent. While FusionAuth doesn’t currently have a built-in replay feature, you can extract this event data and manually re-send it to the webhook URL using your own REST calls.

      A native replay feature is on the roadmap, but there’s no confirmed timeline for its release yet.

    • W

      Determining User Authentication Method in FusionAuth

      Frequently Asked Questions (FAQ)
      • webhook webhooks lambda • • wesley
      2
      0
      Votes
      2
      Posts
      4
      Views

      W

      Yes, FusionAuth provides this information via the authenticationType claim in the JWT. This claim indicates the authentication method used, such as PASSWORD, GOOGLE, SAML, etc.

      How to Access Authentication Type:

      From the JWT: The authenticationType claim is included in the JWT access token. Documentation: JWT Access Token Claims From a Webhook Event (Alternative Approach): The same authenticationType value is included in the user.login.success webhook event. This may be useful if your system processes authentication events via webhooks instead of decoding JWTs. Documentation: User Login Success Webhook

      For additional details on JWT structure and claims, refer to: JWT Components Explained

    • W

      Unsolved Determining User Authentication Method in FusionAuth

      Q&A
      • webhook webhooks lambda • • wesley
      2
      0
      Votes
      2
      Posts
      6.0k
      Views

      W

      Yes, FusionAuth provides this information via the authenticationType claim in the JWT. This claim indicates the authentication method used, such as PASSWORD, GOOGLE, SAML, etc.

      How to Access Authentication Type:

      From the JWT: The authenticationType claim is included in the JWT access token. Documentation: JWT Access Token Claims From a Webhook Event (Alternative Approach): The same authenticationType value is included in the user.login.success webhook event. This may be useful if your system processes authentication events via webhooks instead of decoding JWTs. Documentation: User Login Success Webhook

      For additional details on JWT structure and claims, refer to: JWT Components Explained

    • H

      Unsolved Connector not persisting claim

      Q&A
      • connectors netcore lambda • • helzgate
      7
      0
      Votes
      7
      Posts
      1.9k
      Views

      H

      There is no way to get back information from FA when it calls your connector endpoint. What I ended up doing was creating separate applications for each portal in our app. WHen FA calls my connector, now I can look at the incoming applicationid and know which portal this user belongs too and that solved my issue.

    • M

      How to get populated user.data after user registraion.

      Comments & Feedback
      • populate jwt lambda webhook registration • • muravyov.alexey
      7
      0
      Votes
      7
      Posts
      9.5k
      Views

      danD

      @muravyov-alexey Thank you!

    • T

      Lambda reconcile does not remove role from registration

      Q&A
      • azure lambda oidc reconcile registration • • tl+fa
      12
      0
      Votes
      12
      Posts
      6.8k
      Views

      joshuaJ

      Hi @tl-fa,

      You can view our Roadmap Guidance regarding how features are implemented into FusionAuth. A good snapshot of current development can be found here as well.

      We will certainly update any related issue cards as development moves forward!

      Thanks!
      Josh

    • danD

      Can I register a user for additional applications in a SAML reconcile lambda

      Q&A
      • saml lambda • • dan
      2
      0
      Votes
      2
      Posts
      2.3k
      Views

      danD

      Nope. While you can modify attributes of the user object and the changes will be persisted, you can't modify the registrations of that user.

    • danD

      Kickstart and lambdas and newlines

      Q&A
      • kickstart lambda • • dan
      2
      0
      Votes
      2
      Posts
      1.3k
      Views

      danD

      Can you use an include for the function body? For example: (where myLambda.ftl is your Lambda function in a folder named lambdas)

      "lambda":{ "body": "@{lambdas/myLambda.ftl}", }

      That should preserve your line returns if you include it that way. Hope that helps!

    • danD

      Can we set multiple "aud" claims in FusionAuth?

      Q&A
      • lambda claims jwt faq • • dan
      2
      0
      Votes
      2
      Posts
      3.8k
      Views

      danD

      We do not support this directly in FusionAuth, but you could use a Lambda to set the aud claim to whatever you want.

      The specification allows for a string value, or an array of string values, so you could create a Lambda with something like: jwt.aud = [ 'foo', 'bar' ];

      More about Lambdas and JWTs here: https://fusionauth.io/docs/v1/tech/lambdas/jwt-populate