"I’m grateful for your support. Thanks a lot!"

thanks for sharing...

@elliotdickison Check out these posts:

179 and 2485

A client reached out to us with the same issue, they are being forced to configure MFA even though they are doing an SSO login and the issue also seems to be intermittent. Hope Fusionauth comes up with a fix for this

@ronn316 We have some guidance about reaching out from FusionAuth to another machine on the network, but the right answer really depends on what the docker network configuration looks like.

Hi Mike,

I ran a test where 4000 url's were added to:

System Settings->CORS->Allowed origins

I used the

/api/system-configuration

API to add the url's. Note, the page itself now takes a significant time to load as 4000 url strings are being rendered.

Cheers

@abdoulaye-sow I'm seeing this in the /api/passwordless/start endpoint. The weird thing for us is that even though this is our Dev instance, we have no more than 5 concurrent users at the moment so we certainly shouldn't be overloading the system.

I'm starting to look into this now, but if you did find anything out I'd love to hear from you

It seems like FusionAuth's email server is acting up, even though SWAKS shows no problems with your own email server. You might want to try using other services like SMTPget or Amazon SES for sending emails through FusionAuth. Make sure your FusionAuth SMTP settings are set up correctly, and if the issue continues, contact FusionAuth support for help fixing it quickly.

@didier I'm not 100% sure what you mean by "expose twoFactorId in frontend part". I'm assuming you mean give the user a way to input the code. So yes, you will have to allow them a method to input their code and then complete the login. Please see here for more information.

@didier hmm, I guess you can do it by registering user in your backend (get username, and password from the user and register a user with those). Then you can just exchange the plain text username, password for JWT tokens and attch them to response cookies. Something like this: https://github.com/kasir-barati/you-say/blob/main/apps/backend-e2e/src/utils/login.util.ts.

If you're using FusionAuth Typescript client you can do it like this: https://github.com/kasir-barati/you-say/blob/main/packages/backend/auth/src/lib/services/mobile-auth.service.ts#L71

@qwandery,

OR, perhaps a new concept is needed in FusionAuth -- "Organizations" if you will -- that allows for granting users with different permission sets inside the same Application.

You should feel free to open up a feature request here.

@qwandery @Alex-Patterson I think it is also very beneficial to focus on some implementation details such as how our logout endpoint should not validate JWT token otherwise user might receive a 401 JSON response.

In my case I was validating it in my backend app (NestJS) so I thought it should be OK but now that I am looking in the rearview mirror I think I can see why I should not have done that 😓.

Ah BTW, here I am using NextJS (standalone) + NestJS. So it is not SPA.

Hi Mike,

You could add a logoutLink at the end of the template inside the end of helpers.main to logout and then redirect the user back to the registration page such as:

<div class="form-row push-top"> [@helpers.logoutLink redirectURI="${request.contextPath}/oauth2/register"]${theme.message("register")}[/@helpers.logoutLink] </div> [/@helpers.main]

The template would display for example with the link titled register at the bottom of the page in the attached screenshot.

Screenshot 2024-05-02 at 23.54.08.png

Cheers

Ok. I see "userId" property. Not easy to undertand !

@andy-2 are you talking about self-hosted or Fusion-Auth hosted?

@admin-9 I have not worked with Metabase, so I don't think I can be of help there. I do want to make sure you have seen the documentation on configuring FusionAuth as the Service Provider.

It is worth noting the bit about opening up a request for FusionAuth to provide additional examples on Github. It may be worth you time to do that.