Something is very wrong. I don't know if this is something anybody else is facing, but I changed to an RS256 key and used the public key on jwt.io and it is still invalid. I cannot validate a JWT outside of /api/jwt/validate. This is a really big deal to me to be able to do something as simple as validating. Please let me know if I am in error, but if I can't get this to work I cannot continue using FusionAuth and that's a big bummer to me as I had high hopes for this service.
This is exactly what I was looking for to solve my problem.
Thank you very much.
@bharath-yadavally You could absolutely use the two-step approach you outlined. There are two different approaches that have different strengths and weaknesses.
The tradeoffs are that if you make those two calls, you're depending on the identity provider to be up and available to your backend service. You're tightly coupling the backend service to the identity provider.
That can work fine, but as you scale, more and more backend services will be making those calls, and the IdP and speedy connections to it become more and more critical to your application.
Contrast that with the webhook approach, where the data is pushed to every backend service, and only when a user is deactivated. In this case, there'll be far less coupling with the identity provider, at the cost of more complexity on the backend service side.
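The webhook approach from the reply above, sketched as an added example that is not part of the original post or FusionAuth's own code: each backend service keeps a local deny-list fed by pushed events and checks tokens against it without calling the identity provider. Assumptions: the delivery body has the shape `{"event": {"type": ..., "user": {"id": ...}}}` with `user.deactivate` and `user.reactivate` event types, the class and method names are hypothetical, and the JWT signature and the webhook sender have already been verified elsewhere.

```python
import json


class DeactivationCache:
    """Per-service deny-list of deactivated user ids, updated only by webhooks."""

    def __init__(self):
        self._inactive = set()

    def handle_webhook(self, body: bytes) -> bool:
        """Apply one delivery; return True if it was a recognised event."""
        try:
            event = json.loads(body)["event"]
            etype, user_id = event["type"], event["user"]["id"]
        except (ValueError, KeyError, TypeError):
            return False  # malformed delivery: ignore, change nothing
        if not isinstance(user_id, str):
            return False
        if etype == "user.deactivate":
            self._inactive.add(user_id)
        elif etype == "user.reactivate":
            self._inactive.discard(user_id)
        else:
            return False
        return True

    def is_allowed(self, claims: dict, now: int) -> bool:
        """claims: payload of a token whose signature was already verified."""
        if now >= claims.get("exp", 0):
            return False  # expired or missing exp: reject
        return claims.get("sub") not in self._inactive


# Constructed sample delivery and token claims (not real FusionAuth output).
SAMPLE_DEACTIVATE = json.dumps(
    {"event": {"type": "user.deactivate", "user": {"id": "u-1"}}}
).encode()
SAMPLE_CLAIMS = {"sub": "u-1", "exp": 2000}

if __name__ == "__main__":
    received, missed = DeactivationCache(), DeactivationCache()
    received.handle_webhook(SAMPLE_DEACTIVATE)
    # A service that missed the push keeps accepting the token until it
    # expires: this is the complexity cost on the backend side.
    print(received.is_allowed(SAMPLE_CLAIMS, now=1000))  # False
    print(missed.is_allowed(SAMPLE_CLAIMS, now=1000))    # True
```

The `missed` instance shows why short token lifetimes and reliable webhook delivery matter with this design: a lost delivery is only corrected when the token expires.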
We recently updated the documentation to make it more clear you shouldn't use the /api/jwt/reconcile endpoint for any identity providers except the external JWT provider. We'll change the application to make the error message clearer; here's the tracking issue: https://github.com/FusionAuth/fusionauth-issues/issues/2074
You are saying you want to send the registration email yourself, not automatically with FusionAuth?
(There are two possible verification emails. One is for a user creation, which verifies their email whenever someone creates a user, for any application. Another is for registration verification, which again checks their email but only when someone registers for a certain application.)
If that is the case, use the skipVerification and skipRegistrationVerification settings if using the API. There are analogous settings in the admin UI as well.