FusionAuth
    • Home
    • Categories
    • Recent
    • Popular
    • Pricing
    • Contact us
    • Docs
    • Login

    Enforcing attributes on a user

    Scheduled Pinned Locked Moved
    Q&A
    profile attributes
    2
    3
    1.1k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • danD
      dan
      last edited by

      There may be times when you want to enforce certain attributes on a user before your application can proceed. So you want the user to authenticate, but then be 'held up' or sent someplace if they don't meet certain criteria:

      • MFA on their account
      • A certain age
      • Email verified
      • Some custom data in their profile filled out
      • Consent given

      How can this be done with FusionAuth?

      --
      FusionAuth - Auth for devs, built by devs.
      https://fusionauth.io

      1 Reply Last reply Reply Quote 0
      • danD
        dan
        last edited by dan

        Apart from email verification, where gating is supported, all of these checks are business logic and need to be performed in your application.

        The current solution is to put the value into the JWT as a custom claim using this lambda: https://fusionauth.io/docs/v1/tech/lambdas/jwt-populate/

        And then have your application check this when it is verifying claims (as it should do).

        There are some open issues on this:

        • https://github.com/FusionAuth/fusionauth-issues/issues/763
        • https://github.com/FusionAuth/fusionauth-issues/issues/1318

        --
        FusionAuth - Auth for devs, built by devs.
        https://fusionauth.io

        K 1 Reply Last reply Reply Quote 0
        • K
          kasir-barati @dan
          last edited by

          Hey @dan,

          I guess I need something similar for user.data.username. I need to define a rule on this custom user data to be unique in my app or tenant. As of now I really do not care about tenant or app since I only have one tenant and one app in my FusionAuth.

          So I've asked this Q&A and I need to enforce uniqueness for this data. But dunno how to do it. Any suggestion?

          1 Reply Last reply Reply Quote 0
          • First post
            Last post