@chasermina21

I have removed your replies, as they seemed a bit out of context.

Please see our community guidelines.

https://fusionauth.io/community/forum/topic/1000/code-of-conduct

Thanks,
Josh

@dan Great. Thanks for info.

Hi @mdobron17,

Thanks for writing in! For what it's worth, the way you are approaching it now is a great way to do it. When you log in to GitHub with an OIDC IdP, we store away the refresh token, and don't auto-refresh the GH JWT. That is up to you, as the developer.

It's worth mentioning that even if we built functionality to store the Refresh Token and the Access Token, the JWT Access Token eventually expires and needs to be refreshed, which would put the burden back on you to refresh the token.

You're free to open a GH issue to suggest we expand how we handle tokens from 3rd party IdPs, if you'd like. You can do so here.

If you'd like a little more of a deep dive into configuring OIDC with GitHub, we have a post on that here.

Hopefully this helps, please let me know if you have any more questions!

@craynor

You may want to review our documentation

https://fusionauth.io/docs/v1/tech/connectors/

In contrast to using an OIDC Identity Provider, with a Connector the user doesn’t choose their identity provider; the administrator does. In addition, if the data source contains additional user profile information, a Connector allows you to map that into your user object. Finally, the data provider doesn’t have to implement the OIDC specification.

Let us know if you have additional questions!

Thanks,
Josh

Hi @john_doe_1,

Great question! I want to clarify a couple of things:

Are you using social login plugins that are separate from FusionAuth? Are you using an OAuth flow using our hosted pages or are you customizing your login flow?

We do offer identity providers using our OAuth flow that enable third-party login with FusionAuth. You can find more details on that here. That may be a good place to start.

Please let me know if that helps, and if not, we can brainstorm some more solutions together.

@alan-wood,

In reviewing with the team, looks like there is another path forward regarding original bullet #3

Add an Idp (you could use google for instance) Add a consent from settings > consents Add a form field referencing this consent Make an advanced registration form Add previously created form field/consent to this form Create a new theme (or extend your existing non-default/shipped theme) Modify the theme to remove the display of the username and password in FreeMarker Navigate to customizations > themes > all affected templates (in my case, this was the OAuth register template)

Here is the simple Freemarker that I used to modify (disclaiming now that you may want to rework this code a bit -- example only)

[#-- Begin Self Service Custom Registration Form Steps --] [#if fields?has_content] <fieldset> [#list fields as field] [#if field.key == "user.username"] [#elseif field.key == "user.password"] [#else] [@helpers.customField field field.key field?is_first?then(true, false) field.key /] [#if field.confirm] [@helpers.customField field "confirm.${field.key}" false "[confirm]${field.key}" /] [/#if] [/#if] [/#list] </fieldset> <div class="form-row"> [#if step == totalSteps] [@helpers.button icon="key" text=theme.message('register')/] [#else] [@helpers.button icon="arrow-right" text="Next"/] [/#if] </div> [#-- End Custom Self Service Registration Form Steps --] Now when I see my register page, I get view like this. The Idp that you select will use the hidden username/email and password fields.

You are going to want to also customize the label for the consent. More information can be found below.
https://fusionauth.io/docs/v1/tech/guides/advanced-registration-forms/#consents

804d24ad-6884-411f-812e-85cb26406b7b-image.png
⬇ ⬇ ⬇
1b22fb15-8544-4b19-a267-54aeea3236ad-image.png

Does that require completely replacing the UX flow you have with my own hosted one?

Yes, I believe that you would have to do this to add your own pages.

Thanks so much for writing this up @sswami !

Hi @alex,

Yes, you are correct -- there is not a configuration for setting the host within FusionAuth. There are workarounds, but it sounds like you were able to find the most optimal solution using cloud network configuration settings.

Thanks,
Josh

Hi @rvogelgsang,

Sorry to hear you are having trouble! If you had a bit more details that might be helpful.

For instance:

What environment you are running FusionAuth in and what client package you are using? Sounds like maybe our typescript client? Where are you setting the custom ID and what errors are you seeing? An example code snippet if possible Additional context about what you are trying to achieve in your code etc

If this is ultimately a bug, we can file a bug report as well. Thanks and let us know!

Thanks,
Josh

No, this is not currently possible. Here's an open issue, please upvote it if this is a crucial feature: https://github.com/FusionAuth/fusionauth-issues/issues/1082

One alternative to repeating content would be to use some kind of generation system outside of FusionAuth (freemarker, handlebars) to generate text files. Then you'd then upload as the email templates via the API.

Use docker?

This error is related to FusionAuth not being able to communicate to nodes over TLS in a multinode environment.

Two things you will want to check-

If you are using self-signed certs (TLS)

You will need to add any self-signed certificates to your Java Truststore.

If you are using a signed cert from a certificate authority

Make sure you have properly integrated that cert into your TLS

Lastly, If you are on a secure private backplane, you can simply communicate over non-TLS (HTTP).

Once FusionAuth can establish a connection, then the caching issues should remedy themselves. In a multi-node environment, the first node is kickstarted with its own cache and then attempts to inform all other nodes to refresh their cache. If this "master node" cannot communicate (in this case due to not have the right security cert), then you will see errors such as above.

Thanks,
Josh

Hiya,

We have 4 different options for that.

https://fusionauth.io/docs/v1/tech/guides/api-authorization/

Client credentials is the most straightforward, but requires a paid license. The other options are outlined in detail in that doc.

You can find our RPM and DEB packages on the direct downloads page: https://fusionauth.io/direct-download/

@naughtly-keller or @sander

Not sure if one of you were the creator of this?

https://next-auth.js.org/providers/fusionauth

or if not, at the very least I wanted to pass along the additional info that is now available 🙂

Thanks,
Josh

Can we do something like this through the UI interface too?

This is not currently possible. Creating the User, and creating a User Registration are two separate steps. As you correctly stated, when creating the user in the UI, there is no context yet for an application. For this reason, the user will receive the template configured at the tenant level.

Or is this only possible through the API?

Correct. You must use the Create "User + Registration" API to do this in one step to use the application template for setup password.

If I register a user with both applications (through the API) which email do they get?

When using the API to Create "User + Registration" you can only register for one application at a time. The email is only sent during the User Create step, so if you register for a second application, the user will already exist and thus will not receive a second email.

@rahimisajad

I can't think of any built-in ways to do this. I am curious if you could elaborate on how you built out OTP using the JWT API?

Also, can you elaborate a bit on this. Additional details might be helpful.

The solution I have in mind is to manage sessions myself, but I don't know if this is a safe way to go or not.

Thanks,
Josh

@egis

Yes, if you are using our hosted pages, they are themeable through the Freemarker templating language. See our documentation below:

https://fusionauth.io/docs/v1/tech/themes/

FusionAuth themes allow you to customize the OAuth2 / OpenID Connect login pages and other user workflows such as forgot password. In FusionAuth you may create one to many themes and assign a theme per tenant or application so that you can customize the user experience for different users.

Thanks,
Josh