Errors returned when valid login sent.

[Fudgeey]

Hello,
I am trying to send a LoginRequest to FusionAuth, with valid data I have tested. However, it returns an empty map.
&{map[] []}
It has only started doing this when I updated to FusionAuth 18.

[robotdan]

Can you provide an example login request and response?

[j-wil]

I may have run into this issue today. If you have multiple application and you make a request without an application Id I would get a "[TenantIdRequired]" error in my response.

Code that returns a TenantIdRequired errors:

func (s Service) Login(c echo.Context, user string, pass string) (model.AuthToken, error) {
	var credentials fusionauth.LoginRequest
	credentials.LoginId = user
	credentials.Password = pass
	// credentials.ApplicationId = s.appID

	r, errors, err := s.fa.Login(credentials)

	if err != nil {
		return model.AuthToken{}, err
	}
	if errors != nil {
		return model.AuthToken{}, err
	}
	return model.AuthToken{
		AccessToken:  r.Token,
		RefreshToken: r.RefreshToken,
		TokenType:    "Bearer",
	}, nil
}

Simply remove the comment and add the applicationId and everything works as expected. @robotdan This may be more of an issue with FusionAuth I'm not sure but if you point me in the right direction I can report this there.

[robotdan]

@j-wil this looks to be working as designed. A tenant is a namespace, so if you have more than one tenant, the email address or username you are providing as the user parameter is only unique within a tenant.

Once you remove the applicationId (which is globally unique) we no longer have enough context to look up a user by the email address or username.

Once you have more than one tenant, you will need to provide a tenantId whenever the request is ambiguous.

[j-wil]

@robotdan I'm new to FusionAuth so I may be confused but I currently have 1 tenant and 2 applications so when the tenantId required error came back I wasnt sure how to remedy the situation. Then according to the docs the applicaiton id is not required but recomended for most applications so I added the application id and no longer recieved the tenentID error.

I guess the confusion is I got a tenantID required error but the remedy was populating the applicationID.

[michaeldabbott]

There is a scenario where you have a multiple tenantId and the user you're logging into belongs a tenant that you're not passing in.

so for example if you have a user set up on the default tenant.
then create a tenant and try and login into that user with the new tenant being passed in
the response object is nil, the fusionauth.Errors maps to &{map[] []} and err returns EOF.
Something to look out for, usually when fusionauth.Errors results in &{map[] []} then it's likely you're passing in the wrong tenant.
Hopefully there's a scenario where fusionauth.Errors can return a an error inside fusionauth.GeneralErrors, which would potentially imply that the user you're requesting a login in for belongs to a different tenant. Or perhaps fusionauth.LoginResponse could return a 403, as it does return a statusCode.
I've opened an issue on this.

[robotdan]

@j-wil If I understand correctly, you have a single tenant, and you are still seeing this error? That would be an error. Please confirm, and verify the total tenant count.

Thanks!

[j-wil]

@robotdan My apologies for taking so long to wrap back around on this but it appears I was wrong we did have 2 tenants in Fusion thus it makes complete sense that the appID is required in the request. Thanks for taking the time to respond and work with me on this.

From my perspective, this is a non-issue but I'm not sure if the OP is satisfied or not.

[robotdan]

Thanks for the update @j-wil happy to assist.