We have a weird scenario whereby it seems (there are other possible explanations) like onExecutePostLogin is being called multiple times.
We use this hook to call an endpoint in our app which sends a (home-brewed) 2FA SMS to the user. But for SOME (not all, which is worse) users they’re being sent lots and lots of 2FA messages.
There is no loop in my endpoint. So our current suspicion is that they’re stuck in a loop whereby onExecutePostLogin is somehow being called repeatedly as part of the same login flow.
Is this feasible as an explanation, or am I way off?
If an Action does not have the code necessary to trigger a loop OR if the user is not being redirected to the /authorize endpoint while being authenticated (each time the /authorize endpoint would be accessed, the PostLogin Action Trigger will be executed), an action should not execute multiple times.
From what I understand from your topic, the multiple sms messages might be triggered by your home-brewed 2FA SMS.
Could you share your tenant name so I can take a look at your actions or share how you are sending these SMS messages to your users?