Sure, you want to use the patch identity provider method: https://github.com/FusionAuth/fusionauth-java-client/blob/master/src/main/java/io/fusionauth/client/FusionAuthClient.java#L1575

You'll want to update the application configuration section: https://fusionauth.io/docs/v1/tech/apis/identity-providers/

Be aware that there is an open issue regarding this: https://github.com/FusionAuth/fusionauth-issues/issues/767 If this affects you, please upvote it so that it moves up in our priority list.

This also may be worth reading: https://fusionauth.io/community/forum/topic/510/update-identity-provider

Ok, I've created a feature request.

Hi @richb201 ,

Are you asking what the security implications are for not using passwords at all?

That's hard to give general guidance on, as that depends on how good users are at keeping their email accounts safe.

In general it's going to be pretty good because people tend to care more about their email accounts and pay more attention to them than some random account they signed up for 6 months ago and haven't checked since.

Also in favor of this is the fact that the passwordless codes are time limited (configurable in the tenant).

But, as I'm sure you can understand, I can't do a thorough security analysis because I don't know the full details of your scenario.

Nope, this is the recommended solution.

If you think there's a valid use case for having this be supported natively (without the webhook), please file an issue with a feature request, including as many details as you can: https://github.com/fusionauth/fusionauth-issues/issues

Ah, I see how that could be confusing. Sorry about that. Glad you got it sorted out and it works!

We just did some testing and it appears that JFrog Artifactory can now use FusionAuth as a SAML ID Provider.

Thanks again for the quick work on this issue.

Tom M

'Tis I indeed! Continuing my signature moves of knowing juuuuuust enough to be dangerous to myself and others LOL. I'm checking the settings now, thanks to you and Dan for the support!

@cody-braddock you'll also want to ensure this event is enabled for your Tenant. See Tenants > Edit > Webhooks in the FusionAuth UI.

solved. I needed to type DELETE.

But if I put these in the application, won't this be a security problem?

If you put them in a javascript app, yes. But if they are in the php application only, then it'll be like a database password. Not really a security issue.

You could also inject them as an environment variable or pull from a secrets manager; however you manage your database credentials, I'd suggest doing the same with the client id/secret.

Awesome, glad to hear it! Thanks for letting me know.

Users are shared across tenants, so if you have one person logged in and they visit a different Fusionauth application url, they'll be automatically logged in again (without the need to auth again). I'm not sure that's what you want.

If you register a user to app A and then to app B, they'll be registered in both apps.

If you register a user to app A and then to app A again, I think you'd get an error message, but would have to try that out to be sure.

If you want to try this yourself, you could try richb201+1@gmail and richb201+2@gmail (anything after the + is treated as the same email address by gmail, but different email addresses by fusionauth).

Is FA the best place to have such time of queries or should I create a pipeline and publish updates elsewhere?

I think you have a couple of choices:

build a pipeline based on webhooks, possibly publishing each user to s3 or another datastore querying elasticsearch directly querying fusionauth changing to the database engine

Given your other requirements (the ability to pick off just the phone number and name), I'd test out querying elasticsearch directly, or, if your queries are all simple, switching to the database search engine.

I'd pursue the pipeline approach only if the direct queries didn't perform well, because it's more moving pieces to break.

Is there an API planned which can allow me to get users data with specific fields - name, phone number or just the data field?

This is not currently planned, but feel free to open a feature request with more details. Feel free to reference this post and your previous github comment. I could see that being a useful API change, similar to how you can specify sort fields.

Is it advisable to modify elastic search to index only certain properties and get results directly from there without fetching the database - Bypassing FA APIs? (I have updated the index.max_result_window to the number of results that I am expecting). Is there is way to make those queries through FA?

We pretty much pass through the elasticsearch queries, letting ES do what it is good at. Modifying the elasticsearch index settings shouldn't cause any issues, but is not something we test.

You'll also want to keep an eye on https://github.com/FusionAuth/fusionauth-issues/issues/494 which should make it possible to query directly from fusionauth.

Also there is an issue of the query that FA uses to get the results from PSQL. So there is limit of ~32k even if elastic search is not the limiting factor. https://stackoverflow.com/questions/1009706/postgresql-max-number-of-parameters-in-in-clause.

I don't believe that this limit applies. Have you seen this limit?

Another option is to use FusionAuth Cloud, then you do not need to be aware of the underlying data storage layer.

Yes. It's on my list to write up some documentation, but until then, this github issue walks you through some supported scenarios (including some code suggestions):

https://github.com/FusionAuth/fusionauth-issues/issues/171

I think you are looking for this issue: https://github.com/FusionAuth/fusionauth-issues/issues/751

This is open and therefore the functionality you are looking for isn't currently available.

Please add your comment and/or your upvote to this issue. Here's our current roadmap guidance.

I'm taking the first step in bringing a classic-ASP app into the 21st century, replacing the existing authentication with fusionauth.

Welcome! 🙂

Once I've added google as a social auth provider and a user attempts to login, the google authentication part happens (user is sent to google and logs in there), but then I'm just stuck on the screen below... never redirected to the redirect_uri or anything.

Hmmm. That's curious. Is there any information about the error in the event log or log tabs (under system)?

What version of FusionAuth are you running?

Also, i noticed if user clicks on create an account it goes to the registration page, which doesn't have a register with google link, even though I've enabled that "create registration" flag in the google settings for my application.

So if you enable "create registration" that means that a user can authenticate with google and then be automatically registered for the given FusionAuth application. This means they'll be authorized to access that application (and receive a 200 when authenticating against it).

This doesn't mean that a user can sign up with google from your application. More details here: https://fusionauth.io/docs/v1/tech/identity-providers/