@andrey-dzhezhora

Hmmm. What does the login API return as a status code. My guess, from reading the docs, is that it returns a 212, as specified here: https://fusionauth.io/docs/v1/tech/apis/login#authenticate-a-user

This is still a kind of success, and if you are using the Login API, you are expected to consume the response codes and make appropriate limitations based on that.

Does that make sense?

If, on the other hand, you are getting a 200 for this user, that seems like a bug. Or at least something is going on that I don't understand.

Anyone seen this issue. I am still having this issue.

@nmetchev @dan same issue but using with silent mode is ok.

@utahtwo I tried that and was unable to make it work a few months back. @joshua filed an issue here: https://github.com/FusionAuth/fusionauth-issues/issues/1532

The simplest solution if you are self hosting is to run a different instance of FusionAuth on a different port against a different database. I've done that successfully.

@joshua

I have inserted the code and id_token in the API call as you mentioned and
My logs had been cut off, The following are the complete logs,

Apple IdP Response Debug Log [13d2a5db-7ef9-4d62-b909-0df58612e775] 7/7/2022 12:18:37 PM GMT Validate the provided [id_token] value [eyJraWQiOiJmaDZCczhDIiwiYWxnIjoiUlMyNTYifQ.eyJpc3MiOiJodHRwczovL2FwcGxlaWQuYXBwbGUuY29tIiwiYXVkIjoiY29tLnJldm9sdXRpb25jYXJzLmRlbW8iLCJleHAiOjE2NTcyODI1NzcsImlhdCI6MTY1NzE5NjE3Nywic3ViIjoiMDAwNzA1LjQ5YTA5ZjYyNTMyNjRhMDNhYTQ5N2ExYTlhYzI3MDY5LjE0MTciLCJhdF9oYXNoIjoiWTRsTVlESkRITHdteldpc3FzbTY2ZyIsImVtYWlsIjoiZ2FuZXNobW9vcnRoeTU5OTlAZ21haWwuY29tIiwiZW1haWxfdmVyaWZpZWQiOiJ0cnVlIiwiYXV0aF90aW1lIjoxNjU3MTk2MTU5LCJub25jZV9zdXBwb3J0ZWQiOnRydWV9.aK7dDZdZSue6gCpmba0YL8PVX2qkbru-4DE0NNNBKBKnqN2uFmwgbcjYRqb-jj4UIKCibDcUSsd4mbD9wRHK4o8rH8M_ZCBdgJ8cIr1sx8JTQ7M1BOSyap7GsxWzPdR_stCJn7xWBeUulRtpWdemj-H3_6DwMQak0E4IG2ZxAdTwmTz464FGynmbmXQaKBqqLJP5WXFagLHZNFZeCd9Tr458B3__KGcPni912IwHLl1Yhhn-oqLm7RU5Ck5iTPZfvW2oZwljtdilCONVzXHsyHnL0hPZcvzrlxWXxXhljpg_VeuS-M53amL2JgAQRjloFARBqfRWW3zt5qdRYVYl1w] 7/7/2022 12:18:37 PM GMT Decode the [id_token]. 7/7/2022 12:18:37 PM GMT Assert the [iss] claim is equal to [https://appleid.apple.com]. 7/7/2022 12:18:37 PM GMT Assert the [aud] claim is equal to [com.revolutioncars.demo]. 7/7/2022 12:18:37 PM GMT Calculate the [c_hash] to ensure the integrity of the provided [code] value []. 7/7/2022 12:18:37 PM GMT The [id_token] integrity check failed. Expected a [c_hash] of [null] and found [47DEQpj8HBSa-_TImW-5JA].

We managed to figure it out. It was a build error where IntelliJ was not updating the dependency. Thanks for the help.

@t-vanherwijnen said in Choose/pick application flow:

Can you explain how?

Ah, there's no way to stop them being set on the FusionAuth side, sorry for the confusion. But your application, which gets the access token in a request from your client, can certainly choose to ignore any cookies it receives.

That's what I meant.

If you'd like to be able to configure FusionAuth to not send the cookies, that'd definitely be a feature request. Please feel free to file one: https://github.com/fusionauth/fusionauth-issues/issues

I'm also facing the same issue. When someone send me email. I am totally unable to get it in my inbox or spam folder. What is the appropriate solution to come out from it.

@ezeilo-su This looks like it got cut off. Can you re-post?

@quanluong1102nd this thread might be helpful: https://fusionauth.io/community/forum/topic/2054/fusionauth-websockets

Bug filed here: https://github.com/FusionAuth/fusionauth-issues/issues/1740

@jason Looks like a bug to me. Either a code bug (where we should update it) or a doc bug (where we should note that the lastUpdateInstant isn't changed).

Can you please file an issue about this: https://github.com/fusionauth/fusionauth-issues/issues and we'll slot that into our work queue.

For a workaround, the only thing I can think of is to listen for the user.deactivate event: https://fusionauth.io/docs/v1/tech/events-webhooks/events/user-deactivate

You could create a custom user.data.deactivateTimestamp and set that when the webhook fires.

@audrew31

A JWT is stateless, so there's no 'online status'.

FusionAuth does tell you if a user has a valid refresh token, and that's the closest thing it offers.

Here's some more information about tokens that might be helpful to you: https://fusionauth.io/learn/expert-advice/tokens/

@nicholas-tsaoucis

You could either store off the user object on first login (into a session or something similar) or call 'retrieve user' using the user API and presenting a JWT.

https://fusionauth.io/docs/v1/tech/apis/users#retrieve-a-user

I don't think you're doing anything wrong by doing so.

@raomuneeb-khalil Thank you!

Created a Github issue here https://github.com/FusionAuth/fusionauth-issues/issues/1731

@dan thanks a lot, it works.