NextAuth, SSO with the Login API, and duplicate key errors

Top highlights from the FusionAuth forum in May.


Published: June 2, 2021

The FusionAuth community has an active online forum, and I wanted to highlight some recent topics. In general, forum discussions focus on FusionAuth, how to solve problems with it, and how to integrate the auth system with other software packages and systems.

You need a free account to participate, but you can view current discussions without signing up. Here are some of the most active forum posts during May 2021.

NextAuth and FusionAuth

Post: FusionAuth + NextAuth refresh tokens

In this post, naughtly.keller shares how they are building an application with Next.js, NextAuth, FusionAuth and Hasura. In particular, they are wondering about refresh tokens and how they work in this context. They also learned about lambdas, mapping claims, the userinfo endpoint, and the introspect endpoint. FusionAuth team member Joshua also chimed in with some helpful feedback and links.

Refresh tokens are a part of the OAuth2 standard and allow you to mint new access tokens without requiring a user to re-authenticate.

naughtly.keller posted a few times about their progress and eventually got the integration working smoothly:

“At the end of the day, the correct implementation was so smooth I doubt it will need a tutorial.”

This is the kind of post I love to read. Forums, and learning in public in general, are great venues to share what you are stuck with, what you’ve tried, and the progress you’ve made.

Single Sign-On (SSO) with the Login API

Post: Is there an example of how to authorize a user to an app and allow them to access after using the login API?

In this post, fred.fred asks how to integrate an existing SSO system with FusionAuth. FusionAuth team member Joshua offers suggestions and clarifying questions. The discussion also highlights the difference in functionality (particularly around SSO) between the hosted login pages and the login API.

This discussion covers a lot of ground and includes a great architecture diagram from fred.fred. That’s one of the things I love about working in the CIAM space. There are so many different approaches to problems; this flexibility allows you to create solutions that work for you.

At the end of the day, fred.fred found a solution which involved making “a host portal site protected by FA login, which will issue the cookies and sessions, to allow access into protected, registered content, after successful login.”

Duplicate key errors with an API Gateway

Post: Facing duplicate key errors on high load

jm.oliver is using an API Gateway and FusionAuth. The API Gateway, as the name implies, protects APIs. It does so by extracting credentials from the client request, exchanging them for a JWT from FusionAuth, and using that token for further requests from that same client. (This type of architecture is a common pattern; here’s a blog post about JWT authorization in a microservices gateway.) This system is also using Connectors to verify the presented credentials.

After a bit of back and forth, this forum post resulted in an issue being filed.

This topic illustrates one of the benefits of the FusionAuth community. When people use FusionAuth in different ways, they uncover issues with the software (no software package is perfect, after all). Bugs get filed, discussed and fixed.

Join us in the forum

If you have a question about how to use FusionAuth, a blog post you’d like to share, or want to give feedback, please check out the FusionAuth forums.
