When to use failure, failureChallenge or forkWithErrorMessage on a custom authenticator?

Hello everyone,

I’m working on a custom authenticator and I don’t really understand some concepts, such as context.failure(), context.failureChallenge() or context.forkWithErrorMessage().

How do I properly manage error cases in an authenticator?
I understand that failureChallenge increments the error count in brute force attack detection, and failure does not.
But what about forkWithErrorMessage? In which use case should I use forkWithErrorMessage instead of failure?
Can someone explain to me what the differences are between “failure” and “fork”, please?

In my use case, it’s an authenticator that verifies a code sent by email.
I check if the user is temporarily blocked by the brute force protector and if so, I want to stop the authentication. Should I use fork or should I use failure?

Thank you for your help!

1 Like

Having the same questions here. Any info/documentation/code for this specific issue?