@mou, Is this what you are looking for? https://fusionauth.io/docs/lifecycle/authenticate-users/application-authentication-tokens
mark.robustelli
@mark.robustelli
Best posts made by mark.robustelli
-
RE: Missing data.salution in /ouauth/userinfo which replaces /api/user
@kiouplidis I found this in the documentation.
In version 1.50.0 and later, the UserInfo response can be customized with a lambda using the oauthConfiguration.userinfoPopulateLambda value of the application object. See UserInfo populate lambda.
In FusionAuth, you can add custom data to the oauth2/userinfo endpoint response using a Lambda function. This function can add extra claims to the UserInfo response. Here's an example of a simple Lambda function that adds a few extra claims:
function populate(userInfo, user, registration, jwt) {
  // Add a new claim named 'favoriteColor' from a custom data attribute on the user
  userInfo.favoriteColor = user.data.favoriteColor;
  // Add a new claim named 'dept' using a custom data attribute on the registration
  userInfo.dept = registration.data.departmentName;
  // Copy a claim named 'applicationId' from the provided JWT
  userInfo.applicationId = jwt.applicationId;
  // Create an event log of type 'Debug' when the lambda has Debug enabled
  console.debug('Added custom claims to the UserInfo response');
}
In this example, the favoriteColor and dept are custom claims added to the UserInfo response. These claims are derived from the custom data attributes on the user and registration respectively.
Please note that the Lambda function needs to be assigned to an application in FusionAuth for it to take effect.
-
RE: Salesforce error: Id_Token_Error: Missing or invalid iss
Hello @yuval,
I'm not very familiar with Salesforce, but when taking a look at the guide there is a step that says "Scroll down to the Salesforce Configuration section and open the address from Test-Only Initialization URL in an incognito window.". What do you see when you try that? If you are not getting that information, can you please describe in a little more detail what steps you have taken and when you receive the above message about the invalid iss?
-
Security Token Signature Key Not Found Exception: IDX10501: Signature validation failed. Unable to match key
I am running through the Integrate Your .NET 7 Application With FusionAuth quickstart guide and encountered the error listed below.
I think it has to do with the following message in the guide:
The script set up a RS256 asymmetric signing key. FusionAuth supports this signing algorithm, but doesn't ship with a default key.
How do I add the required key to FusionAuth?
Error Message:
An unhandled exception occurred while processing the request.
SecurityTokenSignatureKeyNotFoundException: IDX10501: Signature validation failed. Unable to match key:
kid: '236bb45e-e88c-4f07-87ff-c93d6fb752a2'.
Number of keys in TokenValidationParameters: '0'.
Number of keys in Configuration: '0'.
Exceptions caught:
''.
token: '{"alg":"HS256","typ":"JWT","gty":["authorization_code"],"kid":"236cc45e-e88c-4f07-87ff-c93d6fb752a2"}.{"aud":"236bb45e-e88c-4f07-87ff-c93d6fb752a2","exp":1687312521,"iat":1687308921,"iss":"acme.com","sub":"e5e4a956-0f9d-4bec-9121-dededb20e00f","jti":"ca5d3d30-ef26-4e48-afcb-d5ba670ac2d4","authenticationType":"PING","email":"myemail@email.com","email_verified":true,"at_hash":"ANWNkB4EA34d0cr1A50zQg","c_hash":"eCEeL-bgcDFkzcpmNT5k9g","scope":"openid profile","nonce":"634229057201762476.ZDQ1NzEzZWMtM2M4OS00ODgxLWI3ZmEtNjJhZWY0MzhlOWYzN2I4ODdhNmQtYTI2OS00OTc0LThhOWEtYzc2OGEzYmIzN2M3","sid":"4fe9dcc0-1ce9-4819-a97a-47c38cb730b8","auth_time":1687308921,"tid":"a51e69f7-520b-6860-2d33-d1e12f797af9"}'.
-
RE: 3rd Party Authentication
@it-contracts Hello. I am pretty new to FusionAuth, but my understanding is that you are taking the correct steps. I am not aware of a way to do this within a single call.
Are you simply looking to be more efficient with the calls or is there some reason this workflow will not work for you?
-
Using Analytics to Track Registrations
What is the best way for analytics tracking after a user has successfully registered?
-
RE: 3rd Party Authentication
@it-contracts I apologize for misunderstanding your initial question. You and @kash are correct in that by using FusionAuth, it will appear to be one call from your perspective. However, in the background, FusionAuth will still need to make the same amount of calls to the access token. And another nice thing about using FusionAuth is that you will be able to add other identity providers in the same way.
-
Multi-Region Cloud Setup
Does FusionAuth support multi-region active-active set-up for cloud services?
-
RE: 3rd Party Authentication
@it-contracts Can you please share the OAuth settings you have for your application? In the FusionAuth Admin UI select Applications. Select Edit or view for your application. Share the OAuth and JWT settings. Be sure to remove any sensitive information before posting here.
-
RE: Add User to group not working
@sandesh Thanks for sharing here on the forum. Hope you are able to accomplish your end goal with the APIs.
Latest posts made by mark.robustelli
-
RE: Check user's status ( Active or Inactive) in Forgot Password process in order to Allow/Reject the Resetting password process
@hareply1 I assume the status field is a custom field? You can use the APIs to query the user and then allow or not allow based on that.
-
RE: Handling webhook failures
@stefan-0 I tried to test this out on my own. I set up a webhook that I know worked, then changed the url so it would fail. Here is the log from the failed attempt.
Then I go to the Webhook log and see:
If I dig into the one that failed, I see:
Notice the ID in the general event is:
Id [9f9faf2d-7d32-48ce-98ee-76a31c43cac2]
And in the source of the Webhook Log, you see the id is:
"id" : "9f9faf2d-7d32-48ce-98ee-76a31c43cac2"
Hope this helps.
-
RE: Handling webhook failures
@elliotdickison This looks similar to issue 2440.
After looking at the docs can you use the "random ID for the event" to look it up on the Webhook log and view the source to get the user ID?
-
RE: Login user after setting password
@aponski There are some suggestions in issue 2110 that you may be able to use.
-
RE: JWT Refresh Returning 400
@matt-3 Have you enabled logging in FusionAuth? I would start there to see if there is anything happening internally that is causing the 400 response.
-
RE: Azure AD token absent in link API response
@stefan-0 Are you getting the user-id from the Retrieve a Link api call? That can me if you are making the API call successfully. I may be missing something, but I think the Retrieve a Link returns information about the Identity Provider. I don't think that will get you the token. Am I missing something? You may want to take a look at Complete an OpenID Connect Login.
-
RE: Is it possible to add a custom identity provider or modify OpenID Connect?
@adam-rahman I heard back from TikTok. Not a very detailed response, but pretty clear they are not going to change anything.
"Thank you for reaching out to TikTok for Developers Support. I'm sorry that this can't be changed at present."
For now, I will continue to push the issue internally. If there is progress, we will update the GitHub issue.
-
RE: Is it possible to add a custom identity provider or modify OpenID Connect?
@adam-rahman Thanks. I'll keep an eye on this as well and reach out if I see any movement or hear anything.
-
RE: Is it possible to add a custom identity provider or modify OpenID Connect?
@adam-rahman It looks like TikTok is not adhering to the OAuth2 standards. I'm not sure why. I have put an email into them to see if there is any reason and I will let you know if I hear anything back. I have looked around a bit, and cannot seem to find a way to change the parameter in the querystring through FusionAuth. There is currently an open GitHub issue for this. I added a comment but I suggest you go and upvote it too. You may also want to reach out to TikTok and ask them to get compliant.