@ezequiel-rebasa said in Unable to Obtain Tenant-Signed Access Token for Data-Plane Apps in a Multi-Client, Multi-Application FusionAuth Architecture:

prompt=none

OK a few things. One is it looks like there are a few open issues #521 and #2208 around FusionAuth not supporting the "prompt=none" parameter.

I may be missing something here, but using lambdas, I as able to hit the login event for both Tenants when logging in. I image you could make the changes you needed there.

I set up FusionAuth so that I have 2 Tenants Default and Test Tenant.

In Default there is the FA Login Master application.

I the Test Tenant I have the ExampleDotNetApp application.

I set up an Identify Provider named FusionAuth Default Tenant FA Login Master using the FA Login Master application as the (IdP) and enabled it on the Test Tenant ExampleDotNetApp. I created a lambda named "FA Default OpenID Reconcile" of type OpenId Connect reconcile.

The order the Lamda's were executed were as follows:

"FA Default Access Token Populate" of type JWT populate on FA Login Master

"FA Default OpenID Reconcile" on FusionAuth Default Tenant FA Login Master

"ExampleDotNetApp Access Token Populate" of type JWT populate on ExampleDotNetApp.

You could use potentially use any of those to inject info you need on the JWT.
**Please not that Lambda HTTP Connect is only available in an Essentials or Enterprise plan.

When I add a favoriteColor in the "ExampleDotNetApp Access Token Populate" lambda, I am able to see it in the ExampleDotNetApp application after logging in.

I would think with the access to those lambdas, you may be able to accomplish what you are trying to do.

@pocfused said in Email verification fails in new incognito mode:

https://fusionauth.io/community/forum/topic/1406/link-in-email-verification-not-working-first-time

Glad you were able to solve your issue.

As far as the automatically verify the email part. What settings do you have for Applications -> Your Application -> Registration -> Verification strategy? There is a setting Clickable link. Is that what you are after?

Another thought would simply turning off Verify registrations in the Applications -> Your Application -> Registation tab work for you or do you still want the user to actually have to click on a link? (It would make sense to ensure the user owns the email address.)

You could also do something like provide a custom template and direct them to your application and then automatically verify them using the APIs. Check out this blog post.

Good luck.

Yes. You can use FusionAuth's OpenID Connect Identity Provider.

I did this a few weeks ago, so am writing these instructions from memory.

Prerequisites:

A yahoo account A running FusionAuth instance (localhost is fine)

Steps:

Go to the Yahoo! developer network and create an app. The redirect URI for Yahoo is https://<your instance>/oauth2/callback Save off the provided Client ID (Consumer Key) and Client Secret (Consumer Secret). Then go to FusionAuth and create an OpenID Connect Identity Provider: <your instance>/admin/identity-provider/add/OpenIDConnect Put the Client ID (Consumer Key) and Client Secret (Consumer Secret) into the Client Id and Client secret fields, respectively. Uncheck Discover Endpoints. Manually configure the endpoints: Set the Authorization Endpoint to https://api.login.yahoo.com/oauth2/request_auth Set the Token Endpoint to https://api.login.yahoo.com/oauth2/get_token Set the Userinfo Endpoint to https://api.login.yahoo.com/openid/v1/userinfo Set the Scope to openid email profile and any other scopes you might need. (I was unable to find an authoritative list, but here's info about the mail scopes.) Update the Button text and Button image as needed. Enable it for applications as needed. Save the Identity Provider.