Posts tagged 'tutorial'

Adding single sign-on to a Next.js app using OIDC

Single sign-on (SSO) is a session and user authentication technique that permits a user to use one set of login credentials to authenticate with multiple apps. SSO works by establishing trust between a service provider, usually your application, and an identity provider, like FusionAuth.

READ MORE

Using FusionAuth User Actions

In this tutorial, you’ll create FusionAuth User Actions to flag a user and send emails and webhook notifications when they buy temporary access to a news site.

User Actions in FusionAuth can be quite powerful. They are often used to temporarily disable access for a user when there has been some violation or the account needs review. However, they can be used in positive scenarios as well.

READ MORE

Adding single sign-on to a Laravel app using Socialite and OIDC

Single sign-on (SSO) is a session and user authentication technique that permits a user to use one set of login credentials to authenticate with multiple apps. SSO works by establishing trust between a service provider, usually your application, and an identity provider, like FusionAuth.

READ MORE

Adding magic links to your Next.js application using FusionAuth

In this guide, you’ll build a web application using Next.js that allows a user to sign up and then login using a magic link sent to their email address.

READ MORE

Using and Managing Consents in an Express App

In this tutorial, we’ll build a basic Node.js and Express web application with advanced user registration and authentication via FusionAuth. We’ll create a custom registration form, along with custom consent options for marketing preferences, and set up self-service options for users to update their profile and consent permissions.

READ MORE

Adding single sign-on to your Django web application using OIDC

Single sign-on (SSO) is a session and user authentication technique that permits a user to use one set of login credentials to authenticate with multiple apps. SSO works by establishing trust between a service provider, usually your application, and an identity provider, like FusionAuth.

READ MORE

Adding sign in to your Spring web application using OIDC

In this tutorial, we’ll build a basic Java and Spring web application that does user registration and authentication. You’ll use FusionAuth to provide this functionality.

READ MORE

Adding Twitter sign in to your Node.js + Express web application using OAuth

In this tutorial, we’ll build a basic Node.js + Express web application which does user registration and authentication via FusionAuth. We’ll also hook FusionAuth into Twitter’s authentication system, to allow users to easily log in to your app via Twitter.

READ MORE

How to migrate from Azure AD B2C

Azure AD B2C is a serverless CIAM offering from Microsoft Azure with integration across many Azure services. It offers authentication and authorization for users. Azure AD B2C supports a number of OAuth grants, including the Authorization Code grant, the Implicit grant and the Client Credentials grant.

READ MORE

FusionAuth Remix demo

Remix is the new hotness in web development! It is an attempt to solve some of the performance issues of React by cleverly splitting up server-side code (called Loaders and Actions) from the functionality that absolutely must be shipped to the client, such as JavaScript and CSS for transitions. It also offers benefits in accessibility through a commitment to using web standards and progressive enhancement. Remix allows for almost all parts of the stack to be easily swapped out, e.g. you can choose from several different datastores that are pre-packaged with Remix for your convenience.

However, new users should be aware that the authentication functionality currently shipped with the basic Remix package does not conform to current best practices.

READ MORE

Using Single Sign-on with Discord and FusionAuth

Discord is a popular instant messaging and VoIP platform that allows users to form communities around common interests. There are a few reasons you might want to use Discord as your SSO identity provider. Discord is often used by hobby communities ranging from programming, gaming, and electronics to less technical things like finance and cooking. If there’s a community, there’s a good chance they have a Discord server. If you’re building a service aimed at one of these communities, using Discord as your SSO provider can make a lot of sense, allowing your users to log in with an account they already have rather than going through yet another registration process.

READ MORE

How to Set Up Single Sign-On (SSO) Between FusionAuth and Shopify

With the rise in the number of internet users, companies feel the need to retain their customers as well as gather information about them. A user management system has thus become a vital part of modern application development. However, without the right tools, it quickly becomes difficult to manage users, especially when you have multiple interrelated services; for example, an application might have an accompanying forum system.

READ MORE

How to Set Up Single Sign-On (SSO) Between FusionAuth and Drupal

User management is an indispensable component of any modern application. A complete user management solution allows users to log in to an application or register a new account, provides administrative capabilities to admins, and acts as a central location for all user information. Because this is so vital, almost every application implements its own user management system.

READ MORE

Implementing RBAC in Kubernetes with FusionAuth

Role-based access control (RBAC) is an authorization protocol that restricts system access based on the roles of a user within an organization. In RBAC, permissions are assigned to roles and roles are assigned to users so that no user is directly assigned a permission. A user is then granted the permissions available to the role(s) they have been assigned.

READ MORE

Extending FusionAuth roles with Cerbos

FusionAuth offers role based access control (RBAC). This is common in auth systems. RBAC tags each user with one or more roles. Roles are interpreted by any application receiving user information from the auth system, often in a JWT to determine what actions are allowed or denied.

READ MORE

How to Set Up Single Sign-On Between FusionAuth and WordPress

User authentication is one of the most important parts of building any application, and almost every application features some sort of authentication. However, it quickly gets difficult to manage authentication when you have multiple related but independent applications to maintain.

READ MORE

How to Set Up Single Sign-On Between FusionAuth and Joomla

When you are maintaining a large number of websites, it can be difficult to keep track of all of the administrator logins required. What’s more, it can lead to lapses in security if you’re constantly losing and having to reset your password, or worse, keeping them written down somewhere.

READ MORE

Securing a Go Microservice with JWT

JSON Web Tokens (JWTs) offer a mechanism to share a set of claims or attributes from client to a server providing microservices in a cryptographically secure way. JWT secures the service-to-service communication and also can pass end-user context across microservices.

READ MORE

Setting up single sign-on (SSO) with FusionAuth

Single sign-on (SSO) lets your users access two or more applications with a single set of credentials. Properly implemented, it makes your users’ lives easier; they sign in once and don’t have to log in when they switch between various applications.

READ MORE

How to securely implement OAuth in Ruby on Rails

In this tutorial, we will walk through setting up a basic Ruby on Rails app to securely authenticate with an OAuth2 server using the authorization code grant.

READ MORE

Adding native integrations to your app with FusionAuth and Xkit

FusionAuth and Xkit came together for this blog post to share how you can use our services to boost your engineering team’s productivity. If you’re working on growing your SaaS business, you know just how much your engineers have on their plates. At both FusionAuth and Xkit, we believe that outsourcing what you can – like authentication and integration infrastructure – lets your team focus on the products and services that drive your business.

READ MORE

Manage custom user profile data in the FusionAuth admin

Letting a user register and provide custom profile data solves the problem of bringing such data into your auth system. But how can you manage the data as it changes over time?

After people register, you will want to enrich or change their profile. Sometimes this happens via automated systems. In that case, you can use an API. But what if you want to allow employees or other humans to update a user profile data?

READ MORE

Securing a Flutter App with OAuth

Today, Flutter has become one of the most talked about cross-platform mobile development frameworks. It competes with React Native in the number of GitHub stars. Most developers who have experienced Flutter development enjoy how one can configure and build beautiful user interfaces. There is no doubt Flutter is among the top contenders for developers when picking a mobile development framework for a new project.

READ MORE

JWT authorization in a microservices gateway

In a recent article, we set up an API gateway with microservices for an eCommerce enterprise. FusionAuth handled our centralized authentication and then we passed user details for authorization to the microservices.

READ MORE

Controlling a hotspot with FusionAuth authentication

In this post, the goal is to allow web browsing only for users who have been authenticated. Imagine a campsite, a hotel, or a company that wants to provide this service to its visitors. There should also be adequate network infrastructure, but that’s beyond the scope of this post.

The proposed solution is a minimal, functional and highly customizable proof of concept.

READ MORE

Securing A Golang App with OAuth

In this tutorial, we are going to learn how to secure a golang program with OAuth while using FusionAuth as the auth provider. Authentication and authorization are essential for any application, and golang apps are no different.

READ MORE

How to migrate your legacy user data to a centralized auth system

Once you have migrated an application to use a modern identity provider, how can you migrate your users?

READ MORE

How to migrate your legacy user data to a centralized auth system

Once you have migrated an application to use a modern identity provider, how can you migrate your users?

READ MORE

Securing your legacy PHP business application with OAuth

Sometimes applications get written by interns. Sometimes prototypes get put into production. Sometimes crufty old apps, called “legacy” by some, are termed “money makers” by others. Once you introduce an auth system such as FusionAuth, you typically want to have all applications use it, even those not written with OIDC/OAuth in mind.

READ MORE

Authenticating with AWS Managed Microsoft Active Directory and LDAP

Microsoft’s Active Directory is a common enterprise user data store. If you are building apps for users authenticated by Active Directory, you might want to connect FusionAuth to it. Another common use case is to have some applications for internal users which should be authenticated against Active Directory and other applications for people outside your organization, with user data stored in FusionAuth. FusionAuth can act as a CIAM for your external users, but delegate authentication of internal accounts to Active Directory.

READ MORE

Centralized authentication with a microservices gateway

In this article, we’re going to implement authentication and authorization for a gateway API application that routes to two different microservices. FusionAuth will be the auth server for the gateway.

READ MORE

Building a user profile portal with Flask, OAuth, and APIs

Once a user registers, you can view their data in the administrative user interface. But how can you allow the user to view or change their data themselves?

READ MORE

How to theme FusionAuth's advanced registration forms

When a user is registering, the last thing you want to do is get in their way or confuse them. In this tutorial, you’ll improve an advanced registration form’s display by modifying a theme.

READ MORE

How to use FusionAuth's advanced registration forms

I don’t know you very well, but I’m guessing you want more users for your application. Registration is a major part of the initial user experience. As an application developer, you need to balance getting the information you need with making it easy for a new user to get started.

READ MORE

Securing React Native with OAuth

In this tutorial, we will set up a React Native application to work with OAuth. We’ll use FusionAuth for auth, but the React Native code should work with any OAuth compliant server.

READ MORE

Breached Password Detection: How to Lock User Accounts with a Webhook

Suppose you have an application to which access is so sensitive that if any user’s password is found to be breached, the account should immediately be locked; the user should not be able to sign in. While you can force a user to change their password out of the box, an outright lock option isn’t built-in. What can you do?

READ MORE

How to Securely Implement OAuth in Vue.js

In this article, we will discuss the step-by-step process of implementing the OAuth Authorization Code Grant in a Vue.js app. We’ll use FusionAuth as the IdP and also show you how to configure FusionAuth.

READ MORE

How to enable breached password detection with FusionAuth

While there are many ways for people to authenticate with online systems, usernames and passwords are still commonly used credentials. Unfortunately, many passwords have been compromised and made available on the Internet. When combined with the fact that users often reuse passwords across different systems, this means that your application or site may be at risk through no fault of your own.

READ MORE

Adding social sign in to your Django web application using OAuth

In this tutorial, we’ll build a basic Django web application which does user registration and authentication via FusionAuth, an authentication platform with some unique features.

READ MORE

How To Use FusionAuth's Multi-Tenant Feature To Create A Private Label Offering

Sometimes you just need a little space, right? Tenants in FusionAuth can provide logical separation of users and applications while letting admins manage one FusionAuth installation.

READ MORE

Using OAuth and PKCE to Add Authentication to Your Gatsby Site

Gatsby is one of the most popular JavaScript static site generators available. While static sites offer excellent performance, they only store state locally in the user’s browser, so they can’t provide features like user authentication natively. If you want to add authentication to your Gatsby site, FusionAuth is an excellent solution.

READ MORE

Building a CLI app with the Device Code grant and golang

Ever need to authenticate a user from a device that doesn’t provide a great interface for logging in? Maybe your device is a smart TV, a Raspberry Pi, or perhaps a CLI app? Oh and you’re a fan of Golang? Well, then this is the post for you!

READ MORE

Securing a Ruby on Rails API with JWTs

Ruby on Rails is a modern web framework, but also a great way to build an API. The ability to quickly jam out your business logic, the ease of creating and modifying data models, and the built-in testing support all combine to make creating a JSON API in Rails a no brainer. Add in a sleek admin interface using something like RailsAdmin and you can build and manage APIs easily.

But you don’t typically want just anyone to consume your API. You want to ensure the right people and applications are doing so. In this tutorial, we’re going to build an API in Ruby on Rails 6, and secure it using JSON Web Tokens (JWTs).

READ MORE

User registration and sign-in with Laravel and FusionAuth

Laravel is one of the most popular PHP application frameworks in the marketplace today. While it includes a simple authentication model, most large-scale applications will outgrow it pretty quickly. FusionAuth pairs well with Laravel because it can handle more complex user authentication models, roles, single sign-on, and more.

READ MORE

ASP.NET Core Example with Custom Claims

Previously, we used ASP.NET Core to build a web application with a single protected page. Let’s extend the application to display the role of the user in FusionAuth as well as a custom claim. We’re going to create a group, assign a role to that group and then place our user in that group. We’ll also explore modifying our JSON Web Token (JWT) by using a lambda to expose the user’s favorite color. Finally, we’ll display all the claims on the “Secure” page.

READ MORE

Using Java to manage FusionAuth

In this tutorial, we’re going to illustrate how to use Java to accomplish various tasks with FusionAuth, programmatically. In order to speed up our development time, we’ll use the FusionAuth Java client library, which comes with already-built methods that we’ll use instead of building things from scratch.

READ MORE

Setting Up Single Sign-on For NodeBB

NodeBB is a modern well supported forum software package. It has many plugins and provides a great user experience. Unlike hosted forums, you can run this on your own domain, which has UX and SEO benefits.

In this post, we’ll show you how to set up single sign-on (SSO) for your NodeBB forum.

READ MORE

Securing an ASP.NET Core Razor Pages app with OAuth

Previously, we used .NET Core to build a command line tool to add users to a FusionAuth user identity management system. In this tutorial, we’ll build out a web application with a protected page. We’ll use Razor Pages and have both login and logout happen against FusionAuth, using the Authorization Code grant.

READ MORE

Creating a user in FusionAuth with a .NET Core CLI client

In this post, we’ll build a command line client for FusionAuth with C# and the .NET Core libraries. We’ll set up FusionAuth and then add a user to an application from the command line interface (CLI) tool we’ve built.

READ MORE

How to securely implement OAuth in Angular

In this post, we’ll walk through setting up an Angular app to securely authenticate with an OAuth2 server. We’ll use a proxy server between the Angular application and the OAuth server, in order to use the authorization code grant (rather than the insecure implicit grant).

READ MORE

How to integrate with FusionAuth using PHP

FusionAuth is a ubiquitous authentication, authorization, and user management solution that can be deployed on any platform and integrated with any programming language. In this tutorial, we’re going to demonstrate how to integrate FusionAuth with PHP.

READ MORE

How to Securely Implement OAuth in React

In this post, we’ll walk step-by-step through implementing the OAuth Authorization Code Grant in a React app. This is the most secure way to implement OAuth and often overlooked for single-page applications that use technologies like React. We’ll use FusionAuth as the IdP and also show you how to configure FusionAuth for this workflow.

READ MORE

Deactivating, reactivating, and deleting a FusionAuth user in Python

Did you know that you can deactivate, reactivate, or delete a user within your applications using API calls from the FusionAuth Python client library? These tools are great for data conscious organizations, executing your organization’s data handling compliance policies (Learn more about GDPR data compliance here), and fast user management for developers using FusionAuth. This tutorial will give us a chance to explore more of the FusionAuth Python client library while learning about these three valuable API calls.

READ MORE

Implementing FusionAuth with Python - from setup to first app

Welcome to our FusionAuth Python Library introduction tutorial! Today we will take a tour of the FusionAuth Python client library and get to know the basics of FusionAuth. This step-by-step guide will walk you through FusionAuth setup to building your first functional Python application with FusionAuth and then retrieving user profile information.

READ MORE

Using Webhooks In FusionAuth To Delete User Data

If your inbox looks anything like mine, you’ve seen hundreds of messages from companies updating their privacy policies and terms of service. This is mainly due to the European Union’s General Data Protection Regulation or GDPR, which went into effect on May 25, 2018. The GDPR grants a set of “digital rights” to EU citizens, including a “right to erasure.” Basically, this means a user can request that their data be deleted, and there can be substantial fines if a company is not able to honor these requests.

READ MORE

Easy Integration of FusionAuth and Node.js

There are a variety of strategies for authentication in Node.js apps, but none provide the security, features and complete user management that come with FusionAuth. In this tutorial we’ll start with a simple Express application and show you how to add FusionAuth to register and authenticate users.

READ MORE

Easy Integration of Spring and FusionAuth

Making a Spring application with FusionAuth is easy. Follow the steps below and in about an hour you’ll have FusionAuth providing user login and authorization for your application. Or you can be up and running in just a few minutes by using our example app.

READ MORE