Comment by mooreds

17 minutes ago

I work for FusionAuth.

We have lambdas (basically JavaScript code that can make API calls[0] and be managed and tested[1]) that execute at fixed points in the auth lifecycle:

- before a login is allowed

- before a token is created

- after a user returns from a federated login (SAML, OIDC, etc)

- before a user registers

And more[2].

And we're currently working on one for "before an MFA challenge is issued"[3].

There are some limitations[4]. We don't allow, for instance, loading of arbitrary JavaScript libraries.

Not sure if that meets all your needs, but thought it was worth mentioning.

0: https://fusionauth.io/docs/extend/code/lambdas/lambda-remote...

1: https://fusionauth.io/docs/extend/code/lambdas/testing

2: full list here: https://fusionauth.io/docs/extend/code/lambdas/

3: https://github.com/FusionAuth/fusionauth-issues/issues/2309

4: https://fusionauth.io/docs/extend/code/lambdas/#limitations

1 comment

mooreds

gnaman 3 minutes ago

thank you I will check you guys out