General Discussion

Your browser does not seem to support JavaScript. As a result, your viewing experience will be diminished, and you have been placed in read-only mode.

Please download a browser that supports JavaScript, or enable it if it's disabled (i.e. NoScript).

R

Fusion not leaving maintenance mode

postgres install • • randall

3

1
Votes

3
Posts

3.6k
Views

R

@pclark it's macOS
L

update user id

• • lambert.torres

2

1
Votes

2
Posts

1.6k
Views

D

@lambert-torres

Hiya,

There is no way to update a user Id after the account has been created. However, you can always specify a valid UUID when creating a user (and, indeed, most other FusionAuth resources).

Simply provide a valid UUID on the path of the POST request.

https://fusionauth.io/docs/v1/tech/apis/users#create-a-user has more.

Based on what you shared, that should work. Let me know if there's nuance I missed.

Thanks for using FusionAuth!

Dan
O

Cannot logout using the python client and logout api.

• • orrett

4

0
Votes

4
Posts

1.8k
Views

A

@orrett said in Cannot logout using the python client and logout api.:

I am using the python client to logout a user. Unfortunately I am getting a nondescript error from the server. Here is my code:
data = { 'global': 'False', 'refreshToken': req_data['refresh_token'] } logout = current_app.faclient.logout(data) if logout.was_successful(): return cr.custom_response({logout.success_response}, 200) else: print(logout.error_response) return cr.custom_response({'error': 'there was an error'}, 404)
The error I get in the console is <Response [500]>

On the FusionAuth server, I see the following stacktrace:
Aug 04, 2020 7:34:50.850 PM ERROR io.fusionauth.app.primeframework.error.ExceptionExceptionHandler - An unhandled exception was thrown org.primeframework.mvc.parameter.convert.ConverterStateException: The primitive converter doesn't support String[] to Object conversion. at org.primeframework.mvc.parameter.convert.converters.AbstractPrimitiveConverter.stringsToObject(AbstractPrimitiveConverter.java:59) at org.primeframework.mvc.parameter.convert.AbstractGlobalConverter.convertFromStrings(AbstractGlobalConverter.java:89) at org.primeframework.mvc.parameter.el.Accessor.convert(Accessor.java:152) at org.primeframework.mvc.parameter.el.MemberAccessor.set(MemberAccessor.java:133) at org.primeframework.mvc.parameter.el.Accessor.set(Accessor.java:90) at org.primeframework.mvc.parameter.el.Expression.setCurrentValue(Expression.java:93) at org.primeframework.mvc.parameter.el.DefaultExpressionEvaluator.setValue(DefaultExpressionEvaluator.java:132) at org.primeframework.mvc.parameter.DefaultParameterHandler.setValues(DefaultParameterHandler.java:205) at org.primeframework.mvc.parameter.DefaultParameterHandler.handle(DefaultParameterHandler.java:121) at org.primeframework.mvc.parameter.DefaultParameterWorkflow.perform(DefaultParameterWorkflow.java:54) at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:51) at org.primeframework.mvc.parameter.DefaultURIParameterWorkflow.perform(DefaultURIParameterWorkflow.java:102) at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:51) at org.primeframework.mvc.scope.DefaultScopeRetrievalWorkflow.perform(DefaultScopeRetrievalWorkflow.java:58) at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:51) at org.primeframework.mvc.message.DefaultMessageWorkflow.perform(DefaultMessageWorkflow.java:45) at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:51) at io.fusionauth.app.primeframework.FrontEndTenantWorkflow.perform(FrontEndTenantWorkflow.java:71) at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:51) at org.primeframework.mvc.action.DefaultActionMappingWorkflow.perform(DefaultActionMappingWorkflow.java:126) at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:51) at org.primeframework.mvc.workflow.StaticResourceWorkflow.perform(StaticResourceWorkflow.java:97) at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:51) at org.primeframework.mvc.parameter.RequestBodyWorkflow.perform(RequestBodyWorkflow.java:89) at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:51) at org.primeframework.mvc.security.DefaultSavedRequestWorkflow.perform(DefaultSavedRequestWorkflow.java:57) at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:51) at io.fusionauth.app.primeframework.CORSFilter.handleNonCORS(CORSFilter.java:291) at io.fusionauth.app.primeframework.CORSFilter.doFilter(CORSFilter.java:252) at io.fusionauth.app.primeframework.CORSRequestWorkflow.perform(CORSRequestWorkflow.java:48) at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:51) at io.fusionauth.app.primeframework.FusionAuthMVCWorkflow.perform(FusionAuthMVCWorkflow.java:88) at org.primeframework.mvc.workflow.DefaultWorkflowChain.continueWorkflow(DefaultWorkflowChain.java:44) at org.primeframework.mvc.servlet.FilterWorkflowChain.continueWorkflow(FilterWorkflowChain.java:50) at org.primeframework.mvc.servlet.PrimeFilter.doFilter(PrimeFilter.java:82) at com.inversoft.maintenance.servlet.MaintenanceModePrimeFilter.doFilter(MaintenanceModePrimeFilter.java:59) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at com.inversoft.servlet.UTF8Filter.doFilter(UTF8Filter.java:27) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:543) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343) at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:615) at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:818) at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1623) at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1130) at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:630) at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) at java.base/java.lang.Thread.run(Thread.java:832)
I am using version 1.18.5

thanks my issue has been fixed.
S

JWT public keys are empty

• • stacey

4

0
Votes

4
Posts

1.4k
Views

D

@stacey Great. Did you end up getting it working?
J

Merge/Deduplicate/Combine user accounts

• • jose 0

2

0
Votes

2
Posts

793
Views

D

@jose-0 Hiya,

I'm not sure I totally understand your use case, but this should be doable using the APIs and some code. But it isn't going to be available out of the box.

If I were to do this, I'd build a page which let a user supply two email addresses and specify which one should be primary.

Then I'd write some code to send a random number to each email address and have them enter the number on that same page.

If the codes were correctly entered, I'd presume that the user was the same (all they really proved is that they had access to each of the email inboxes, though. If you wanted more assurance, you could use step up auth). Then you can use the User API to:
update the primary account with any data that should be moved. I'd definitely move the secondary email (perhaps in an array on the user.data field). They won't be able to use this email address to log in any more, but it still might be useful for your support staff or to display in your UX lock the secondary account so it is not usable any more.
None of this is out of the box with FusionAuth, but building on the APIs it should absolutely be possible.

Hope that helps, thanks for using FusionAuth!
L

remove user from all groups

• • lambert.torres

2

0
Votes

2
Posts

993
Views

D

@lambert-torres

Hiya, there is no API I know of that will remove a user from all groups, but you can certainly chain APIs. The way I'd do it would be to retrieve the user using the User API, iterate all user.memberships and get the groupId from each one. Then I'd use the Group API to remove the user from each group, using DELETE against /api/group/member?groupId={groupId}&userId={userId}

Hope that helps, thanks for using FusionAuth!
C

Example Request: FusionAuth / Spring Boot / React

• • ccaspanello

5

0
Votes

5
Posts

3.5k
Views

C

@joshua After digging deeper in the code it looks like this is actually a shared configuration file between the frontend and backend (which was a little confusing). But it doesn't look like the client actually uses the secrets or apiKey which is what I didn't think was safe. So I think I am good for now. Thank you for following up with me.

I'm understanding the Node JS side more ... I may be able to replicate this behavior in Spring Boot. If so I'll share my findings and maybe you guys can add this to your examples for future users.
L

Supported SP and IDP SAML Login

• • lsmith

4

1
Votes

4
Posts

1.3k
Views

J

@lsmith

This seems about right. Will review.

Thanks,
Josh
E

PUT/PATH /api/user NOT working :(

• • emudojo

2

0
Votes

2
Posts

555
Views

J

@emudojo Sorry for the delay

Were you able to figure this out?

Our documentation covers some nuances to the put/patch for this endpoint which you may be experiencing here.
https://fusionauth.io/docs/v1/tech/apis/users#update-a-user
Thanks,
Josh
E

Migrate user with its authenticator factor

• • evgeniya.gabrikova

3

0
Votes

3
Posts

2.2k
Views

D

@evgeniya-gabrikova Thanks so much for coming back and sharing your solution!

Avoids the "Wisdom of the Ancients" problem: https://xkcd.com/979/
Y

Solved Secure APIs

• • Yohan

3

1
Votes

3
Posts

3.8k
Views

Y

Hi dan,

Thanks for the reply, I ended up storing permissions in the user.data field.

I hope you'd consider adding the "entity grants to permissions" of the client credential flow in the authorization code flow in a future release, entity fits many needs and may ease integration.

We appreciate FusionAuth is very flexible, you're doing a great job 👏
P

Solved How to getting user list with application

• • prawee

4

0
Votes

4
Posts

2.2k
Views

J

Future Viewers Note:

This can be obtained via the User API
https://fusionauth.io/docs/v1/tech/apis/users#retrieve-a-user
You can view the user's registrations in the response:

user.registrations [Array]
The list of registrations for the User. This will include registrations for inactive applications.
V

Jwks doesn't have key to match kid or alg from JWT (client credentials token)

jwks jwt keys client creds • • vlad.koshkarov

2

0
Votes

2
Posts

6.9k
Views

V

The tenant is using the "Default signing key (HS256)" for the access token.
A

Gated Users still can get a JWT token

• • andrey.dzhezhora

2

0
Votes

2
Posts

700
Views

D

@andrey-dzhezhora

Hmmm. What does the login API return as a status code. My guess, from reading the docs, is that it returns a 212, as specified here: https://fusionauth.io/docs/v1/tech/apis/login#authenticate-a-user

This is still a kind of success, and if you are using the Login API, you are expected to consume the response codes and make appropriate limitations based on that.

Does that make sense?

If, on the other hand, you are getting a 200 for this user, that seems like a bug. Or at least something is going on that I don't understand.
O

The Reset Password Link is not valid

• • orrett

2

0
Votes

2
Posts

924
Views

O

Anyone seen this issue. I am still having this issue.
?

Using SAMLTEST.ID as the IdP with FusionAuth SAML v2

• • A Former User

1

1
Votes

1
Posts

1.2k
Views

No one has replied
?

This topic is deleted!

• • A Former User

1

0
Votes

1
Posts

6
Views

No one has replied
N

Deploying FusionAuth to K8s without root db username and password

• • nmetchev

3

0
Votes

3
Posts

1.5k
Views

P

@nmetchev @dan same issue but using with silent mode is ok.
J

Shared Users

• • john.porter

7

0
Votes

7
Posts

6.7k
Views

D

@utahtwo I tried that and was unable to make it work a few months back. @joshua filed an issue here: https://github.com/FusionAuth/fusionauth-issues/issues/1532

The simplest solution if you are self hosting is to run a different instance of FusionAuth on a different port against a different database. I've done that successfully.
A

[ExternalAuthenticationException]AppleIdToken

• • akash

7

1
Votes

7
Posts

2.3k
Views

A

@joshua

I have inserted the code and id_token in the API call as you mentioned and
My logs had been cut off, The following are the complete logs,
Apple IdP Response Debug Log [13d2a5db-7ef9-4d62-b909-0df58612e775] 7/7/2022 12:18:37 PM GMT Validate the provided [id_token] value [eyJraWQiOiJmaDZCczhDIiwiYWxnIjoiUlMyNTYifQ.eyJpc3MiOiJodHRwczovL2FwcGxlaWQuYXBwbGUuY29tIiwiYXVkIjoiY29tLnJldm9sdXRpb25jYXJzLmRlbW8iLCJleHAiOjE2NTcyODI1NzcsImlhdCI6MTY1NzE5NjE3Nywic3ViIjoiMDAwNzA1LjQ5YTA5ZjYyNTMyNjRhMDNhYTQ5N2ExYTlhYzI3MDY5LjE0MTciLCJhdF9oYXNoIjoiWTRsTVlESkRITHdteldpc3FzbTY2ZyIsImVtYWlsIjoiZ2FuZXNobW9vcnRoeTU5OTlAZ21haWwuY29tIiwiZW1haWxfdmVyaWZpZWQiOiJ0cnVlIiwiYXV0aF90aW1lIjoxNjU3MTk2MTU5LCJub25jZV9zdXBwb3J0ZWQiOnRydWV9.aK7dDZdZSue6gCpmba0YL8PVX2qkbru-4DE0NNNBKBKnqN2uFmwgbcjYRqb-jj4UIKCibDcUSsd4mbD9wRHK4o8rH8M_ZCBdgJ8cIr1sx8JTQ7M1BOSyap7GsxWzPdR_stCJn7xWBeUulRtpWdemj-H3_6DwMQak0E4IG2ZxAdTwmTz464FGynmbmXQaKBqqLJP5WXFagLHZNFZeCd9Tr458B3__KGcPni912IwHLl1Yhhn-oqLm7RU5Ck5iTPZfvW2oZwljtdilCONVzXHsyHnL0hPZcvzrlxWXxXhljpg_VeuS-M53amL2JgAQRjloFARBqfRWW3zt5qdRYVYl1w] 7/7/2022 12:18:37 PM GMT Decode the [id_token]. 7/7/2022 12:18:37 PM GMT Assert the [iss] claim is equal to [https://appleid.apple.com]. 7/7/2022 12:18:37 PM GMT Assert the [aud] claim is equal to [com.revolutioncars.demo]. 7/7/2022 12:18:37 PM GMT Calculate the [c_hash] to ensure the integrity of the provided [code] value []. 7/7/2022 12:18:37 PM GMT The [id_token] integrity check failed. Expected a [c_hash] of [null] and found [47DEQpj8HBSa-_TImW-5JA].

11 / 29

Solved Secure APIs

Solved How to getting user list with application

This topic is deleted!