@quanvuong1102nd This looks useful: https://fusionauth.io/community/forum/topic/1463/sso-in-multitenant-application-like-slack

You may want to review that and see if it answers your questions.

I should also add, that skipVerification only works on a POST currently. When you are using this property, typically this is in the context of a user create or a user registration create. However, having a PATCH/PUT work for the verified attribute would likely be a solution in the same vein as those offered under issues 1319 and 285 mentioned previously.

Thanks,
Josh

@qermezkon

Can you please provide a bit more context to your request, such as the endpoint you are attempting to access, the data you want to send, any code snippets, etc.

This may be help us assist you.

Thanks,
Josh

@alex_deryabin

Thanks for the question! Can you provide the full request that you are sending (including endpoint)?

As I read the documentation,

This usage is generally intended to be part of an email workflow and does not require authentication. The changePasswordId used on this API request will have been previously generated by the Start Forgot Password API or by using the Forgot Password workflow on the FusionAuth login page.

You will want to make sure that you are including a changePasswordId in the request. Additionally, the link that you posted is part of a multistep process. Can you confirm how you are attempting to architect your request? Is this being used as part of a Forgot Password workflow or Start Forgot Password API?

Thanks,
Josh
FusionAuth

@talboom Thanks for your question.

We don't natively provide these. While you can have unlimited roles, we don't currently have a fine grained access model.

Please feel free to file a feature request: https://github.com/fusionauth/fusionauth-issues/issues with details about your use case.

Alternatively, we work well with authorization servers like Oso or Cerbos, which can offer such fine grained permissions. Here's an example integration with Cerbos: https://cerbos.dev/video/using-cerbos-with-fusionauth

@tecnologia If you are looking to migrate your data from a self hosted instance to FusionAuth Cloud, please review this documentation: https://fusionauth.io/docs/v1/tech/installation-guide/cloud/#migrating-a-deployment

This doc covers all the steps.

@developer

I'm not quite sure what you are asking for. Can you explain a bit more? Maybe with an example?

@syed-muneeb

Can you provide a bit more context about what you are trying to accomplish, the errors you are seeing, and other procedural steps?

This may enable us to better assist.

Thanks,
Josh
FusionAuth

Hi @yukeng_wu,

Have you had a chance to review our k8's guide? This might be a good starting place for troubleshooting, etc.

https://fusionauth.io/docs/v1/tech/installation-guide/kubernetes/fusionauth-deployment/

Thanks,
Josh

@oleksiikraieviy

The forum is a great place to get unstuck and ask questions - so thanks for the feedback! The scenarios you have listed here could have a number of different implementation considerations depending on context.

One place to start looking would be our documentation.

We have documentation around MFA below:

https://fusionauth.io/docs/v1/tech/account-management/two-factor-sms/

As well as documentation around passwordless below:

https://fusionauth.io/docs/v1/tech/guides/passwordless/

Finally, we have documentation around messengers below:

https://fusionauth.io/docs/v1/tech/messengers/

Some of the flows you describe should technically be possible, but would likely require custom integration code on your end.

user can reset password using SMS.
Third one is passwordless auth using only phone with SMS code.

For instance, as far as I am aware, these are not natively built into FusionAuth. This would be a custom integration.

Generic messengers are very extensible and can integrate in a number of ways with the right integration/glue code.

I hope this helps!

Thanks,
Josh

@simo-adonis This is not possible with FusionAuth currently.

Here's the tracking issue: https://github.com/fusionauth/fusionauth-issues/issues/1

@jojo-serquina Thanks!

For any future readers, you can see the state of this feature request here: https://github.com/FusionAuth/fusionauth-issues/issues/1536

@dan That will work just fine. With that I'll actually just make a quick service that takes in the arguments to adjust and it generate that json for me. Thanks!

Just because it would align with all my other triggered processes, I'll actually make it as a postgres function so I can call it with my graphql api via hasura. This will actually work very well.

@faisal-jamil

FusionAuth, as you can see, doesn't like to be run without being assured TLS is involved. That is what the warnings are about. It relies on the X-Forwarded-Proto to be assured that TLS is involved.

It looks like you have this:

User -> (TLS) -> Internet -> (TLS) -> NLB -> (HTTP) -> Ingress -> (HTTP) -> FusionAuth

Which seems like a fine architecture (because from the NLB to FusionAuth is presumably a private, secure network, so TLS is not needed). The question is, how do you tell FusionAuth that things are okay? That's why I suggested trying to set the header.

I do not know how to modify X-Forwarded-Proto to https, without terminating at the Ingress controller.

I also do not know how to do this. I suggest reviewing the AWS documentation and/or contacting AWS support.

If you have a FusionAuth edition including support, you can also file a support ticket and the engineering team will take a look. (If you do that, please reference this forum post.)