FusionAuth
    • Home
    • Categories
    • Recent
    • Popular
    • Pricing
    • Contact us
    • Docs
    • Login
    1. Home
    2. voidmain
    V
    • Profile
    • Following 0
    • Followers 0
    • Topics 0
    • Posts 4
    • Best 1
    • Controversial 0
    • Groups 2

    voidmain

    @voidmain

    administrators

    2
    Reputation
    2
    Profile views
    4
    Posts
    0
    Followers
    0
    Following
    Joined Last Online
    voidmain Unfollow Follow
    Staff administrators

    Best posts made by voidmain

    • RE: Does FusionAuth support paseto tokens?

      In my opinion, JWTs aren't insecure by default. Rather, they have the ability to be insecure via the none algorithm, while in practice, no one ever uses the none algorithm and FusionAuth doesn't even support it. In most cases, JWTs are only signed and there is an entirely separate specification for encryption, which is quite complex.

      Paseto on the other hand is always secure via signing or encryption. Having signing and encryption baked into a simpler specification is a plus. That doesn't necessarily mean that JWTs are bad though. And certainly FusionAuth's support for JWTs is always secure via signing.

      posted in Q&A
      V
      voidmain

    Latest posts made by voidmain

    • RE: Set up SSL for Netty

      We will be moving off Netty to a new HTTP server in the coming weeks. This new server will have the ability to add TLS keys and we are expecting that to be available via the FusionAuth configuration file. In the meantime, the best solution is to use Nginx or Apache in front of FusionAuth to provide TLS.

      posted in Q&A
      V
      voidmain
    • RE: Unable to connect to database

      @tarun-verghis Ensure your database is listening on a valid IP and that you have the ability to connect to it using username/password. This is usually configured in the pg_hba.conf file and requires a line like:

      host    all             all             127.0.0.1/32            md5

      If you only have lines that say trust then FusionAuth won't be able to connect since it doesn't support local sockets or local connections.

      posted in Q&A
      V
      voidmain
    • RE: Does FusionAuth support paseto tokens?

      In my opinion, JWTs aren't insecure by default. Rather, they have the ability to be insecure via the none algorithm, while in practice, no one ever uses the none algorithm and FusionAuth doesn't even support it. In most cases, JWTs are only signed and there is an entirely separate specification for encryption, which is quite complex.

      Paseto on the other hand is always secure via signing or encryption. Having signing and encryption baked into a simpler specification is a plus. That doesn't necessarily mean that JWTs are bad though. And certainly FusionAuth's support for JWTs is always secure via signing.

      posted in Q&A
      V
      voidmain
    • RE: How use mobile number for authentication

      Hi @mehr-prs. We have an open issue that is tracking this:

      https://github.com/FusionAuth/fusionauth-issues/issues/1

      This feature is to support multiple identities, but it also covers adding new identity types. As part of this feature, we likely will implement support for phone number identities including full validation and verification for them.

      Please upvote that issue if you feel it covers your requirements. This helps us prioritize features on our roadmap for the rest of 2020.

      posted in Q&A
      V
      voidmain