FusionAuth
    • Home
    • Categories
    • Recent
    • Popular
    • Pricing
    • Contact us
    • Docs
    • Login

    Gated Users still can get a JWT token

    Scheduled Pinned Locked Moved
    General Discussion
    2
    2
    283
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      andrey.dzhezhora
      last edited by

      I enable the functionality of “Gate Users Until They Verify Their Email”
      but even after doing step by step manual(https://fusionauth.io/docs/v1/tech/tutorials/gating/gate-accounts-until-user-email-verified) unverified email users still can get jwt token via API , anyone familiar with this strange behavior .?

      danD 1 Reply Last reply Reply Quote 0
      • danD
        dan @andrey.dzhezhora
        last edited by

        @andrey-dzhezhora

        Hmmm. What does the login API return as a status code. My guess, from reading the docs, is that it returns a 212, as specified here: https://fusionauth.io/docs/v1/tech/apis/login#authenticate-a-user

        This is still a kind of success, and if you are using the Login API, you are expected to consume the response codes and make appropriate limitations based on that.

        Does that make sense?

        If, on the other hand, you are getting a 200 for this user, that seems like a bug. Or at least something is going on that I don't understand.

        --
        FusionAuth - Auth for devs, built by devs.
        https://fusionauth.io

        1 Reply Last reply Reply Quote 0
        • First post
          Last post