Hi Dan,
We already have an issue: https://github.com/FusionAuth/fusionauth-issues/issues/1955
But please allow me to reiterate once more, as I get the feeling the issue is now being downplayed a bit to a developer-experience issue.
- We want a centralized / hosted authentication solution that we don't have to maintain ourselves. So…
- We have a hosted FA instance and try to use the hosted login and registration views.
- There is an external API, though, that we ping using a webhook for authorization purposes. This checks if application access for a given user is still up to date with our own administration. If not, the webhook returns a non-200 response and we update FA accordingly using an API call.
- The webhook works very nicely, and will be even better as soon as we get to customize its error message, which, I believe, is already on your development calendar (https://github.com/FusionAuth/fusionauth-issues/issues/1725).
- When the webhook fails we get a nice error message in the hosted interface, which we can even customize. All is well.
- There's one exception to this, which is when the webhook fails after entering the MFA challenge. Then, all of a sudden, we don't get the webhook error message that we have customized, but an error message that the MFA challenge is incorrect. Which it is not. And which confuses our users, as they try another OTP token, or even worse: another SMS, but it keeps failing.
- The token is not wrong. The webhook is failing. Everywhere else the interface reports this correctly, except for this one, crucial, place: the entering of the MFA challenge.
I see no way to customize this behavior, as a developer. This is not a developer experience issue, I feel, this is a bug.