Is there a way to update user data in the UI?

I'd like to update the user data object in the UI. I know I can do it via the API: https://fusionauth.io/docs/v1/tech/apis/users

https://fusionauth.io/blog/2021/04/01/fusionauth-introduces-simplepass/

I have a quick question about FusionAuth and configuring the inactivity timeout of the session cookie it creates. Specifically... Is it possible?

There's now an open source terraform provider available: https://github.com/gpsinsight/terraform-provider-fusionauth

It's also on the registry: https://registry.terraform.io/providers/gpsinsight/fusionauth/latest

Can you run FusionAuth in Kubernetes?

Is modifying the JWT via a lambda equivalent to accessing the verified property of the user profile?

Within a lambda, you have access to the user and registration properties. So you'd pull the verified property from wherever you wanted and put it into the JWT as a custom claim. Here's a blog post about how that might work.

So yes, it is the same data. It's the tradeoff between a bigger JWT and having to make the additional call from your API.

Don't forget that the JWT will live for a while, so if this sequence happens and you use the JWT, you might have a user with a verified email prevented from using the API.

1. user registers
2. JWT issued, with verified set to false because the user isn't verified.
3. User verifies their email
4. User visits API, but is denied because the JWT has stale data.

I don't know timelines and how long your JWTs live for, but this is something to consider. Does that answer your question?

OK, we just released 1.18.8 and that is the version you want to use:

In requirements.txt:

fusionauth-client==1.18.8

And then this is the call you want to make (with client_id before redirect_uri) :

 resp = client.exchange_o_auth_code_for_access_token(request.args.get("code"), client_id, "http://localhost:5000/oauth-callback", client_secret)

Heya FusionAuth Users!

Got a minute to share your experience with the FusionAuth platform?

Please take this short Capterra survey.

You'll help improve the software and the first 100 eligible reviewers will get a $20 gift card.

We just released an overhaul of the website: https://fusionauth.io/ which includes a new look for the API docs: https://fusionauth.io/docs/v1/tech/

Hiya,

I'm unable to create a user registration using the .NET client libraries: https://fusionauth.io/docs/v1/tech/client-libraries/netcore

I have verified that the API key is basically a super user. I've verified that I'm sending the registration object. I've tried twiddling different properties (verified, insertInstant) and made sure that the application exists. I've added the a user registration to the application manually and it works. Creating a user and setting the userdata works just fine. It just seems like the registration isn't working.

I looked in https://github.com/FusionAuth/fusionauth-netcore-client/issues and https://github.com/FusionAuth/fusionauth-issues/issues but didn't see any relevant issues.

Here's my code so far (you can run it with fusionauth_api_key=<key> dotnet.exe run -- foo@foo5.com bluepass123 blue)

$ cat usermanager.csproj
<Project Sdk="Microsoft.NET.Sdk">

  <PropertyGroup>
    <OutputType>Exe</OutputType>
    <TargetFramework>netcoreapp3.1</TargetFramework>
  </PropertyGroup>

  <ItemGroup>
    <PackageReference Include="FusionAuth.Client" Version="1.15.7" />
    <PackageReference Include="JSON.Net" Version="1.0.18" />
  </ItemGroup>

</Project>

$ cat Program.cs
using System;
using io.fusionauth;
using io.fusionauth.domain;
using io.fusionauth.domain.api;
using System.Collections.Generic;
using Newtonsoft.Json;

namespace usermanager
{
    class Program
    {
        private static readonly string apiKey = Environment.GetEnvironmentVariable("fusionauth_api_key");
        private static readonly string fusionauthURL = "http://localhost:9011";

        private static readonly string tenantId = "66636432-3932-3836-6630-656464383862";
        static void Main(string[] args)
        {
            if (args.Length != 3) {
                Console.WriteLine("Please provide email, password and favorite color.");
                Environment.Exit(1);
            }
            string email= args[0];
            string password = args[1];
            string favoriteColor = args[2];

            FusionAuthSyncClient client = new FusionAuthSyncClient(apiKey, fusionauthURL, tenantId);
            User userToCreate = new User();
            userToCreate.email = email;
            userToCreate.password = password;
            Dictionary<string, object> data = new Dictionary<string, object>();
            data.Add("favoriteColor", favoriteColor);
            userToCreate.data = data;
            UserRegistration registration = new UserRegistration();
            registration.applicationId = Guid.Parse("4243b56f-0b45-4882-aa23-ac75eea22d22");
            registration.verified = true;

            registration.insertInstant = DateTimeOffset.UtcNow;
            var registrations = new List<UserRegistration>();
            registrations.Add(registration);

            userToCreate.registrations = registrations;

            UserRequest userRequest = new UserRequest();
            userRequest.sendSetPasswordEmail = false;
            userRequest.user = userToCreate;
            string u = JsonConvert.SerializeObject(userRequest);
            Console.WriteLine(u);
            var response = client.CreateUser(null, userRequest);
            string json = JsonConvert.SerializeObject(response);
            Console.WriteLine(json);

            if (response.WasSuccessful())
            {
                var user = response.successResponse.user;
                Console.WriteLine("retrieved user with email: "+user.email);
            }
            else if (response.statusCode != 200)
            {
                var statusCode = response.statusCode;
                Console.WriteLine("failed with status "+statusCode);
            }
        }
    }
}

Just wanted to update. A user opened: https://github.com/FusionAuth/fusionauth-dart-client/issues/7

To clear things up, with a public client like a mobile application, you can't safely store a client secret (it'll be shared among all the native apps and can be found via decompilation).

In this scenario, you should disable Require authentication in the FusionAuth Application configuration and use PKCE to secure communication with the Token endpoint.

You can use the exchangeOAuthCodeForAccessTokenUsingPKCE client method to do so.

This is also outlined here: https://fusionauth.io/docs/v1/tech/client-libraries/dart/

Interesting perspective from a guest blogger: https://fusionauth.io/blog/2021/04/15/open-source-auth-considerations/

A user could have a separate email address. For example:

• user signs up for application a, which takes an email address and a password
• user then signs up for application b, which takes a username and password, but has email verification enabled

If that isn't the case, you shouldn't enable email verification, since FusionAuth will have no way of sending the email .

Does that help?

@richb201 said in missing redirect_uri:

Thanks Dan. When you say "run a search" on the server, do you mean "try to start passwordless log in and review the error message", if it fails?

I mean use the user search API in your server side code. Sorry if I was unclear. You could do that on a page on your site.

I am not sure how to set up the security with FA with passwordless. How will I keep a user from just going directly to one of my pages anywhere on my site?

Typically you want to have your server side code save off in a session whether the user is logged in or not. Then you can have any of your web application show different messages or protect pages based on that.

Is it a a security mistake to allow them to access one of my methods IN MY APP to start passwordless? Should I be handling the passwordless/registration/authentication from a totally different process for security?

I'm not sure what the attack vector is here. The real danger with passwordless is:

• attacker gets access to a user's email account
• attacker intercepts email to user

I don't think what you suggest will help with either of those situations, but if I'm missing something, please let me know.

Looks like this is fixed in openjdk 15, so will be picked up when we roll that out (no timeline, but we are on 14 now).

@adam glad you were able to find a workaround.

I am assuming this won't be an issue in production as the SAML callback will be HTTPS -> HTTPS and not HTTPS -> HTTP.

I'm not sure, would need to set up a test environment. If you have a support contract, feel free to open a support ticket for us to do more investigation.

You could also set up a local proxy to have fusionauth be served over HTTPS (examples here) or you could use ngrok or something similar for your testing.

I'm not sure I understand your question.

The data is available when you retrieve the refresh tokens using, for example, the /api/jwt/refresh endpoint: https://fusionauth.io/docs/v1/tech/apis/jwt/

This helps you distinguish between different devices for an account, if you need to do so.

See also https://fusionauth.io/community/forum/topic/903/is-it-possible-to-limit-the-number-of-devices-a-user-can-login-with for a discussion of this.

You cannot share FusionAuth applications between tenants, unfortunately. They are a tenant scoped object.

If you want to sync application settings across tenants, you can use a client library or the API to script changes.

Hope that helps!

A conversation with @a-abbas: https://fusionauth.io/blog/2021/04/13/oggeh-fusionauth-gluu/

An excerpt:

OGGEH Cloud Computing is the only qualified Progressive Web Application (PWA) Agency by Google Developers in Africa and the MENA region. As well as the only Google Cloud Technology Partner in the Arabian countries! Actual users/customers are always looking for a simple way to manage their content at the backend. Something that does not involve writing mysterious markup like HTML and/or weird shortcodes as most plugins do (for WordPress, Joomla, Drupal, and others).

OGGEH Cloud Platform takes care of complex backend/infrastructure logic for security and scalability.

@mehamm

I am working on a multi tenant guide. Thank you very much for your feedback; I'll make sure to include it.

As you continue to build out your multi tenant application, please continue to post on the forum about your progress and/or any other questions.

We often hear our multi tenant support is a differentiator for FusionAuth, and would love to make it easy/clearer for everyone.