FusionAuth Blog

Get the latest updates on FusionAuth, security, general coding and major geekery here.

  • Login with Twitter - Oh, the Humanity!

    Login with Twitter - Oh, the Humanity!

    by

    When we built out our social login support in FusionAuth we were forced to navigate the harrowing path to signing our OAuth v1 requests to Twitter.

    If you’ve ever done this in Java, you may know there isn’t a great option off the shelf to make this easy, or if there is I was unable to find it. Since we had to do some heavy lifting, we decided to share our work with the Java community.

    TL;DR See source code on Gist.

    Read More
  • FusionAuth 1.5 Adds Passwordless Login

    FusionAuth 1.5 Adds Passwordless Login

    by

    Logging in without a password? In what fantasy land can that be secure?!? The fact is it can be much more secure than traditional passwords, and is now supported in our newest release. FusionAuth 1.5 is now available for direct download, FastPath one-line install, Homebrew or Docker. It includes new features, a few changes, and minor fixes for issues discovered by QA testers and our growing community of users. Get the brief overview below, and visit our release notes for the full details.

    Read More
  • Using Webhooks In FusionAuth To Delete User Data

    Using Webhooks In FusionAuth To Delete User Data

    by

    If your inbox looks anything like mine, you’ve seen hundreds of messages from companies updating their privacy policies and terms of service. This is mainly due to the European Union’s General Data Protection Regulation or GDPR, which went into effect on May 25, 2018. The GDPR grants a set of “digital rights” to EU citizens, including a “right to erasure.” Basically, this means a user can request that their data be deleted, and there can be substantial fines if a company is not able to honor these requests.

    In this post, we’ll show how to set up webhooks in FusionAuth to delete all of a user’s data when they delete their account. In FusionAuth, webhooks are used to subscribe or listen to events in the system, so we’ll create a webhook that listens to the user.delete event.

    Read More
  • Let's talk about JWTs baby!

    Let's talk about JWTs baby!

    by

    Let’s talk about JWTs (JSON Web Tokens, pronounced “jot”). JWTs are becoming more and more ubiquitous. Customer identity and access management (CIAM) providers everywhere are pushing JWTs as the silver bullet for everything. JWTs are pretty cool, but let’s talk about some of the downsides of JWTs and other solutions you might consider.

    Read More
  • Is FusionAuth GDPR Compliant?

    Is FusionAuth GDPR Compliant?

    by

    It’s been about a year since the General Data Protection Regulation (GDPR) became fully enforceable. Are you compliant yet? We started making FusionAuth GDPR compliant as soon as the regulation was adopted, although to be honest, there wasn’t a lot we needed to do. We fully agree with these regulations and feel they provide effective guidelines that any application should follow with their users’ personal data. If you are trying to catch up with the GDPR news, read our Developer’s Guide to the GDPR here and you’ll have a good idea of what you should be aware of. Our developers have been working with these concepts for years now, so it was exciting to see our caution around user data validated.

    Read More