Latest login information in the Loginapp REST API

The Loginapp REST API may provide REST clients with the user's last login information while in the authentication flow.

A typical use case is to display the date and time of the last login attempt during login. This may be while checking a 2nd authentication factor or in any other step in the authentication process after identifying the user.

If this feature is enabled, the latest login information is provided in all REST responses after successfully identifying the user. If an authentication flow starts with a user-identifying step that does not verify an authentication factor (e.g. password, remember-me cookie, SSO ticket, ...), this may lead to unwanted information leakage.

Configuration

To include information about the last login in the REST responses of the authentication flow, configure IAM as follows:

  1. Go to:
    Loginapp >> Authentication Flows >> affected flow >> Authentication Flow
  2. If using the Default Authentication Processors plugin, enable its property Add Latest Authentication Feedback.
  3. If using a Custom Flow Processors plugin, add the Latest Authentication Feedback Processor plugin to the list of processors.

REST API Details

If the feature is enabled, non-failing responses in the authentication flow after the user-identifying step (e.g. username and password check) will include additional attributes about the user's last login in the latestAuthentication attribute, as in the following example.

HTTP 200 OK


{
   "meta":{
      "type":"jsonapi.metadata.document",
      "timestamp":"2021-09-08T18:41:31.300+02:00"
   },
   "data":{
      "type":"authentication.session",
      "id":"972343998809769864",
      "attributes":{
         "nextAuthStep":"AIRLOCK_2FA_POLLING_OR_OFFLINE_REQUIRED",
         "latestAuthentication":{
            "attemptAt":"2021-09-08T18:35:22.344+02:00",
            "successful":true
         }
      }
   }
}
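
A REST client can read the latestAuthentication attribute defensively and also check that it does not appear before an authentication factor has been verified, which is the leakage case described above. The following is an added example, not code from the product or its documentation: the function names are hypothetical, the sample document is constructed from the response shown above, and the factorVerified flag is an assumption supplied by the caller, who knows which steps of the configured flow have already verified a factor.

```javascript
// SAMPLE_RESPONSE is constructed from the example response on this page.
const SAMPLE_RESPONSE = {
  meta: { type: "jsonapi.metadata.document", timestamp: "2021-09-08T18:41:31.300+02:00" },
  data: {
    type: "authentication.session",
    id: "972343998809769864",
    attributes: {
      nextAuthStep: "AIRLOCK_2FA_POLLING_OR_OFFLINE_REQUIRED",
      latestAuthentication: { attemptAt: "2021-09-08T18:35:22.344+02:00", successful: true }
    }
  }
};

// Returns { attemptAt: Date, successful: boolean }, or null when the attribute
// is absent (feature disabled, or user not identified yet) or malformed.
function extractLatestAuthentication(doc) {
  const la = doc?.data?.attributes?.latestAuthentication;
  if (!la || typeof la.successful !== "boolean" || typeof la.attemptAt !== "string") {
    return null;
  }
  const attemptAt = new Date(la.attemptAt);
  if (Number.isNaN(attemptAt.getTime())) return null;
  return { attemptAt, successful: la.successful };
}

// Text for the login UI. A failed last attempt is worded differently so that
// the user notices an attempt they did not make themselves.
function describeLatestAuthentication(doc) {
  const la = extractLatestAuthentication(doc);
  if (la === null) return null;
  const outcome = la.successful ? "Last successful login" : "Last failed login attempt";
  return `${outcome}: ${la.attemptAt.toISOString()}`;
}

// Audit helper for flow tests: true when a response already carries the last
// login information although no authentication factor has been verified yet.
// factorVerified is an assumption provided by the caller, not an API field.
function leaksBeforeVerification(doc, factorVerified) {
  return !factorVerified && extractLatestAuthentication(doc) !== null;
}
```
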