Yes, FusionAuth provides this information via the authenticationType claim in the JWT. This claim indicates the authentication method used, such as PASSWORD, GOOGLE, SAML, etc.

How to Access Authentication Type:

From the JWT: The authenticationType claim is included in the JWT access token. Documentation: JWT Access Token Claims From a Webhook Event (Alternative Approach): The same authenticationType value is included in the user.login.success webhook event. This may be useful if your system processes authentication events via webhooks instead of decoding JWTs. Documentation: User Login Success Webhook

For additional details on JWT structure and claims, refer to: JWT Components Explained

You have a couple of options:

you can update webhook so it always returns 200, regardless of the message it receives. This won't work if the webhook URL is incorrect. For example, if you set up the webhook to live at https://exmple.com when it really lives at https://example.com and you don't have access to https://exmple.com. if you have an API key, you can update the webhook to be non-transactional. Setting up such an API key is a critical part of common configuration. if someone has an active session in the admin UI, they can also modify the configuration to make the webhook non-transactional.

No. But the user.bulk.create would. See https://fusionauth.io/docs/v1/tech/events-webhooks/events/#user-bulk-create for more details.

So, this appears to be a limitation of Facebook. Here are the API docs from Facebook which have no mention of how long the image URL returned if you pass redirect=0 is good for.

Looks like some Auth0 users also encountered this.

So I think you are on the right path with downloading the user's Facebook images and updating them on your side every time a user logs in.

Is this what you are looking for? https://fusionauth.io/docs/v1/tech/events-webhooks/events#jwt-refresh

Make sure you enable the webhook in the tenant as well as in the webhook definition.

This is a unique Id field per event, we do not currently persist this event for later retrieval.

If you want any persistent storage of the events, you would need to capture and store the event.

There is not any special logging for webhooks.

If an exception occured that would cause it not to be fired, that will be in the log. If it is not being fired and there is no exception, then it is likely that the webhook is not configured to be sent for the particular tenant that you’re using.

More about webhooks: https://fusionauth.io/docs/v1/tech/events-webhooks/

Apparently jackson + friends make assumptions when it comes to parsing raw -> ZonedDateTime. It appears that the ZonedDateTime for createInstant when deserializing timestamps are not being handled properly somehow, so you need custom code. We have our own Jackson serializer and deserializer for ZonedDateTime to ensure we always get milli in and milli out.

Here's the code (Apache2 license) and the maven repository links if it's helpful.