FusionAuth

    Non-2xx status code from webhook causing 504 Gateway error from login API

      twilkinson

      Can someone tell me if this is the normal behaviour for a webhook that returns a non-2xx status code? I'm running FusionAuth version 1.27.2.

      If I make an API call to the /api/login endpoint and the webhook returns 200 OK, then the API request returns 200 OK and the payload is as expected for that call. So far so good.

      However, if the webhook returns 401 Unauthorized, then the /api/login request returns 504 Gateway Timeout with the payload:

      {
          "generalErrors": [
              {
                  "code": "[WebhookTransactionException]",
                  "message": "One or more webhooks returned an invalid response or were unreachable. Based on your transaction configuration, your action cannot be completed."
              }
          ]
      }
      

      (Fwiw, calling the webhook directly returns 401 Unauthorized with the payload Content-Type: application/json; charset=UTF-8 and the empty JSON object {}.)

      I expected to get an error from the /api/login request, but not 504 Gateway Timeout which is saying that the webhook "returned an invalid response" (I think the webhook response is valid).

      Is this the normal and expected behaviour? If not, what might I be doing wrong?

        joshua

        @twilkinson,

        Welcome!

        We do have a guide for writing a webhook and in it, it mentions:

        Your Webhook must handle the RESTful request described above and send back an appropriate status code. Your Webhook must send back to FusionAuth an HTTP response code that indicates whether or not the event was successfully handled or not. If your Webhook handled the event properly, it must send back an HTTP response status code of 2xx. If there was any type of error or failure, your Webhook must send back a non 2xx HTTP response status.

        I am uncertain of your application flow. What is the purpose of the webhook? Any other details on how it is set up and how you are connecting to it or using it? More details may be helpful in debugging your issue.

        Related links:
        https://fusionauth.io/docs/v1/tech/events-webhooks/writing-a-webhook/
        https://fusionauth.io/docs/v1/tech/events-webhooks/

        Thanks,
        Josh

          twilkinson

          Hi Josh,

          Thanks for your reply.

          I'm new to FusionAuth and am just trying out different things to learn how to use it properly.

          I did see the comments in the guide you mentioned and I'm pretty sure I'm following them.

          As I described in the OP, I've set up a simple webhook that just returns 401 Unauthorized with the payload Content-Type: application/json; charset=UTF-8 and the empty JSON object {}. It doesn't really do anything else. I've tested it with Postman.

          Now when I call any FusionAuth endpoint (for example /api/login), I get a 504 Gateway Timeout error.

          I guess my question is, is that the error I should expect from the FusionAuth endpoint when my webhook returns a 401?

          Edit: I should mention that if I change the webhook to return 200, the FusionAuth endpoint behaves normally and returns 200.

          Thanks,
          Terry

            dan

            Hi @twilkinson,

            To add on to what @joshua said, we are in the process of documenting the webhook return status codes.

            This is undocumented so it may change, but right now whenever a webhook transaction fails, a 504 status will be returned.

            I asked internally and I don't think there's any reason why we picked 504; if we were starting from scratch I'd advocate for a different, unassigned 5xx status.

            Hope this helps answer your question.

            --
            FusionAuth - Auth for devs, built by devs.
            https://fusionauth.io

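One way for a caller of /api/login to handle the behaviour confirmed above, as an added example that is not part of the original posts or FusionAuth's own code: it keys on the `[WebhookTransactionException]` code in the response body rather than on the 504 status alone, so a failed webhook transaction is not mistaken for a timeout at a proxy. The function name, the result labels and the proxy sample body are assumptions made for illustration.

```python
import json

# Error code string as it appears in the response body quoted in this thread.
WEBHOOK_TX_CODE = "[WebhookTransactionException]"

# Body copied from the thread (message shortened), plus a constructed proxy body.
FUSIONAUTH_BODY = json.dumps({"generalErrors": [
    {"code": WEBHOOK_TX_CODE,
     "message": "One or more webhooks returned an invalid response or were unreachable."}
]})
PROXY_BODY = "<html><body>504 Gateway Time-out</body></html>"  # constructed sample


def classify_login_response(status: int, body: str) -> str:
    """Return "ok", "webhook_transaction_failed", "gateway_timeout" or "other_error"."""
    if 200 <= status < 300:
        return "ok"
    try:
        payload = json.loads(body) if body else {}
    except json.JSONDecodeError:
        payload = {}  # not JSON, e.g. an HTML error page from a reverse proxy
    codes = set()
    if isinstance(payload, dict):
        errors = payload.get("generalErrors")
        if isinstance(errors, list):
            codes = {e.get("code") for e in errors if isinstance(e, dict)}
    # Match on the body code first: the 504 status is described in the thread
    # as undocumented and subject to change.
    if WEBHOOK_TX_CODE in codes:
        return "webhook_transaction_failed"
    if status == 504:
        return "gateway_timeout"
    return "other_error"


if __name__ == "__main__":
    for status, body in [(504, FUSIONAUTH_BODY), (504, PROXY_BODY), (200, "{}")]:
        print(status, classify_login_response(status, body))
```

Routing "webhook_transaction_failed" to an alert on the webhook receiver, and "gateway_timeout" to the network path, keeps a rejecting webhook from being investigated as an infrastructure outage.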
              twilkinson

              Hi @dan,

              Yes, that does answer my question. Fwiw, I did find the choice of 504 somewhat misleading.

              Thanks,

                  joshua

                  @twilkinson

                  Thanks for the feedback! Looks like @dan opened up an issue on the app repo to explore this further 👍

                  https://github.com/FusionAuth/fusionauth-issues/issues/1250

                  Thanks,
                  Josh

                    twilkinson

                    I have added a further suggestion to the issue on the app repo.

                    https://github.com/FusionAuth/fusionauth-issues/issues/1250#issuecomment-859634082
