This is not present at the current time, but you can deploy FusionAuth in as little as 512MB of RAM. So depending on your use case, you could run FusionAuth locally.

If you needed to sync data between the local machine and a central server, the APIs might help.

But in general this is not a use case we've considered.

Feel free to open a feature request with more details about your use case: https://github.com/fusionauth/fusionauth-issues/issues

Good question.

JWTs are either signed or encrypted. For the most part, you will encounter signed JWTs. When a JWT is created by an authorization server, it is signed. The signature essentially functions as a way to say "this payload has been signed using this algorithm. If the payload is different than what was signed, then this JWT is invalid." It is important to not pass sensitive data in a JWT payload for the reason that it can be viewed, but if a malicious actor tries to tamper with the JWT, the signature will no longer match it, and it will be invalid.

Thanks @joshua !

Yes, that's correct.

In android app, we are using oidc react-native library.
The screen gets stuck after clicking login button.
Expected : Open fusionauth login page in in-app browser
Actual:
There is an error message
[Error: Invalid origin uri android-app://com.example/]

Because of how IIS process header (server) variables. You need to append HTTP_ to the headers and change dashes to underscores like so:

<set name="HTTP_X_Forwarded_Proto" value="https" /> <set name="HTTP_X_Forwarded_Host" value="mydomain.com" /> <set name="HTTP_X_Forwarded_Port" value="443" />

And now it works. It might be a good idea to add a page on this to the official docs too.

Yes, you can put anything in the user object that is documented here: https://fusionauth.io/docs/v1/tech/connectors/generic-connector/#using-the-generic-connector

You can return registrations which contain roles as outlined in the sample JSON in the link above.

Hope that helps!

Is this the same as https://fusionauth.io/community/forum/topic/1317/error-after-updating-the-password ? or different?

Please share any logfiles you see (you can go to "System" -> "Logs" in the admin UI to view them).

From other communication, you are running 1.19.7. My suggestions are:

See if the bug is fixed in a more recent version. You could always test by standing up a copy of your product database, upgrading it, and then seeing if the issue occurs. This would provide more info for us without impacting your production system. Look through the detailed release notes to see if we have fixed this bug, upgrade to that specific version: https://fusionauth.io/docs/v1/tech/release-notes/ If you have a paid support plan, open a ticket: https://account.fusionauth.io/account/support/

We're a small team and try to support everyone to the best of our ability, but supporting versions 10 minor releases behind the current release without a paid support plan is, as I'm sure you can understand, hard for us to do. Please help us by testing it out on the latest version or pursue one of the other options listed above.

Just as an FYI, it is extremely unlikely we will backport a fix to 1.19 (we almost never do that for functionality bugs), so if we found a bug and fixed it, you'd likely have to upgrade.

Hi @saitulasiram94!

FusionAuth can act as both SP and IdP via SAML.

You may want to review how Gmail integrates via SAML. If Gmail (as Idp) supports an SP or IdP initiated login from FusionAuth, then you should be able to integrate.

I have included our relevant documentation below.

https://fusionauth.io/docs/v1/tech/identity-providers/samlv2-idp-initiated/ https://fusionauth.io/docs/v1/tech/identity-providers/samlv2/

Thanks,
Josh

With advanced threat detection you can block access to applications via IP ranges (it's touched on briefly here: https://youtu.be/pjGxOXamVfk?t=1209 ).

Advanced threat detection requires an enterprise license. Currently you can't lock a certain user to an IP range, though.

Please feel free to file a feature request with details of this use case if you'd like to see this implemented.

Hello, I got an issue after updating the password.

I attach the error image

Tested and verified this works. Feel free to use theme.data to your heart's content, @mmcnamara !

Perfect Joshua.

This gives me what I need!

Thank you!

@joshua Thanks for confirming the behavior I am seeing. I will try using a library to validate the jwt instead.

In 1.28.0, FusionAuth introduced a linking strategy and a first class 'link' object. This is part of the community/free edition.

This is how I'd approach that. You'd have to get the user to login via their social account and get their unique user Id (for, say, Google). This could be done via a page in your application.

Then you'd take that Google user Id and create a link using the APIs: https://fusionauth.io/docs/v1/tech/apis/identity-providers/links/

Here's more on this: https://fusionauth.io/docs/v1/tech/identity-providers/#linking-strategies

After the link is created, the next time the user went to login, they could use either their old email/password creds or the linked social login.

@yb98

I think what you are looking for is OAuth's back-channel logout. This is under consideration under ticket 465.

https://github.com/FusionAuth/fusionauth-issues/issues/465

As a workaround, you would have to use a backend (or another environment that can appropriately hide credentials) and make a call to revoke the refresh token on a user.

I may be misunderstanding your workflow, but I believe the above should point at a possible solution.

Thanks,
Josh

@james-hudson

One thing to try would be to turn on email debugging/logging to see if you are offered any additional clues.

Additional information can be found on our troubleshooting page

https://site-local.fusionauth.io/docs/v1/tech/troubleshooting/#troubleshooting-email

Thanks,
Josh

Thanks. I set up two databases now instead of just one and having both production and staging share it. But I find when I go into the FA control panel on staging and change things such as paths it changes the paths for both the staging and the production servers.

Where do I specify (for each server) what database should be used?