Hello everyone,
I’m working on a custom authenticator and I don’t really understand some concepts, such as context.failure()
, context.failureChallenge()
or context.forkWithErrorMessage()
.
How to properly manage errors cases on an authenticator?
I understand that failureChallenge
increment the error count in brute force attack detection, and failure does not.
But what about forkWithErrorMessage
? In which use case should I use forkWithErrorMessage instead of failure
?
Can someone explain to me what are the differences between “failure” and “fork” please ?
In my use case, it’s an authenticator that verifies a code sent by email.
I check if the user is temporarily blocked by the brute force protector and if so, I want to stop the authentication. Should I use fork
or should I use failure
?
Thank you for your help !