RE: Authentication for a cgi-bin

Hello.

@dan said in Authentication for a cgi-bin:

I"m not quite sure what you're trying to do.

maybe I don't know either.

without going into too much detail, the aim is to allow authenticated users to browse the Internet: the server where FusionAuth is installed will act as a firewall / gateway. Basically when a user is authenticated the executed script will create the appropriate rules via iptables.
so every time a user authenticates, something happens.
this something must know from which IP the request is made.

to answer your question: yes, I want to have an action (structured, complex) be fired off whenever someone logs in.

I repeat, maybe I'm wrong approach since I don't know the product, but I thought the best thing was to run a script after authentication. however I have to check that the call to the script is valid (authenticated user). If I authenticate via browser and then try to run the curl command (to simulate what the script would do) I get the error "The request is missing a required parameter: grant_type".
In the meantime, I'd like to understand what I'm wrong, that is why this error comes out: personal curiosity.
If there are simpler solutions to do what I need (events and webhooks) all the better.

After your suggestion I studied some webhooks (which I didn't know).
I created one, linked to the user.login.success event. If I didn't get it wrong, when this event goes off, it will visit a URL protected via basic auth, in this way I should be okay. I don't care about passing data, I just run the script. If I do it with the button (Webhooks-> Test-> Send events) everything works, if instead I perform the authentication nothing happens. there is no json handling in the script: I just run it, but it doesn't run.

I think I need to response with a status code of 200.

I don't know ... something is missing. maybe something big.

For python I have resolved.
with copy&paste I changed the order of parameters!
Now it works. My mistake.

I understood!
forgive me if I waste your time.
I feel stupid, very stupid.

the problem was downstream. I hadn't thought about it and my little knowledge of python error handling did the rest.
I noticed this by preparing the code for the zip file.
I report a part of it so as to explain the problem: even if I doubt that anyone can commit this idiocy.

            client_response = client.exchange_o_auth_code_for_access_token(authCode,applicationID,redirectURL,clientSecret)
            if client_response.was_successful():
	        result = '<p style="color:green">Access Granted.</p> Link logout: <a href="' + logoutUrl + '">Logout</a>'
                print(client_response.success_response)
		#... other code
                jsonResponse = json.loads(str(client_response.success_response).replace("\'", "\""))
                userId = jsonResponse['userId']
                userInfo = client.retrieve_user(userId)
                userInfoStr = str(userInfo.success_response).replace("\'", "\"")
                userInfoJson = yaml.load(userInfoStr, Loader=yaml.FullLoader)
                userName = userInfoJson['user']['username']
                userName = userName.lower()
                print ("Authenticated user: " + userName)
                sys.stdout.flush()

            else:
                print(client_response.error_response)
                result = '<p style="color:red">Access Denied!</p> Link logout: <a href="' + logoutUrl + '">Logout</a>'

When logging in with the username present there was no problem, if the username is missing something strange happens.
In reality the block was in error because I was trying to acquire data that I didn't have (UserName doesn't exist!).
Without that part of user identification everything works.

Damn!