@vignesh,

There are a lot of potential issues that could be at play. Any additional information about your configuration/error logs might be helpful. Also, have you reviewed our documentation here regarding passwordless?

Also, as a quick take, you could install something like Mailcatcher to further check to see if the mails are even being sent.

Thanks,
Josh

Referencing/linking updated conversation here:
https://fusionauth.io/community/forum/topic/973/fusion-auth-upgrade-failing-user-registration?_=1619623366378

Hi @erikh!

Welcome to the FusionAuth Community!

I might need more details, as I have only a functional familiarity with Docker and container orchestration. As I understand it, NTP is a service that can be added to your container. But like I said, I might need more context to fully understand your issue. A quick look through the Dockerfile and docker-compose does not show any timeserver options being enabled.

Any other details about what you have tried, potential pitfalls that you are seeing, or errors may be useful.

I am also posting here (perhaps perfunctorily), the available documentation on FusionAuth for docker installation:
https://fusionauth.io/docs/v1/tech/installation-guide/docker/

The repo supporting FusionAuth containers is here:
https://github.com/FusionAuth/fusionauth-containers

The docker files are here as well:
https://github.com/FusionAuth/fusionauth-containers/blob/master/docker/fusionauth/

Thanks and let us know. Happy to assist you in resolution as able.

Thanks!
Josh

Hi @mayank!

Apologies that you are having difficulty with this upgrade!

Do you have any more details on the types of errors you are receiving? Any errors logged to the event log or system log would be helpful in troubleshooting this as well. Can you provide the full endpoint that you are attempting to hit? Any other details about your setup would be helpful in diagnosing.

Thanks for the input and look forward to hearing more soon.

Thanks,
Josh

Hi @vaibhav!

Yes, this should be possible. The short answer is that you will want to review our documentation found below:

https://fusionauth.io/docs/v1/tech/themes/
https://fusionauth.io/docs/v1/tech/guides/passwordless/

Another user, borograd, had a related post here as well:
https://fusionauth.io/community/forum/topic/899/any-simple-was-of-doing-apple-google-only-login/3?_=1619622757240

I hope this helps!

Thanks,
Josh

You can use the user.create or the user.registration.create webhook to do something like this.

If you enable these webhooks and configure the transaction to require the webhook to succeed, then you simply need to return a non-200 status code from the webhook to cause FusionAuth to fail this create.

https://fusionauth.io/docs/v1/tech/events-webhooks/#tenant-settings
https://fusionauth.io/docs/v1/tech/events-webhooks/events/#user-create
https://fusionauth.io/docs/v1/tech/events-webhooks/events/#user-registration-create

Updated the JWT populate lambda doc to make it clear that headers aren't modifiable at the present time: https://fusionauth.io/docs/v1/tech/lambdas/jwt-populate/

The way to do this is to use the user.data or registration.data objects as a transfer mechanism.

If you are using OIDC (SAML is much the same, but I'll use OIDC as an example), you can create a OIDC Reconcile Lambda. It might look like this:

// Using the JWT returned from UserInfo, reconcile the User and User Registration. function reconcile(user, registration, jwt) { user.data.favoriteColor = jwt.favoriteColor; }

So the jwt in this case is that returned from the OIDC identity provider. We store the data in user.data.

Now we need to pull it off of the user.data object using a JWT populate lambda. That might look a little something like this:

// Using the user and registration parameters add additional values to the jwt object. function populate(jwt, user, registration) { jwt.favoriteColor = user.data.favoriteColor; }

favoriteColor is now available as a claim in the JWT produced by FusionAuth.

Don't forget to assign your lambdas to the correct operations. The OIDC Identity provider needs to be configured with the reconcile lambda. The application's JWT tab is the right place to configure the use of the JWT populate lambda.

More information on all the lambda options available here: https://fusionauth.io/docs/v1/tech/lambdas/

You can modify your edition by:

Going to account.fusionauth.io Logging in Going to the edition tab Changing the edition from enterprise to a different one Save your change.

No, FusionAuth doesn't support adding JWT headers to FusionAuth generated JWTs. I looked at the code and don't think it'd be a ton of work to add support; there's already some scaffolding in the fusionauth-jwt OSS project.

I highly encourage anyone with this problem to file a feature request here with more details about your needs: https://github.com/fusionauth/fusionauth-issues/issues

We consult that in our roadmap planning. We also offer professional services if you need us to build it on a schedule. Please send a request to our sales department if that is an option you'd like to pursue.

An alternative would be to build a service that would re-sign your JWTs from FusionAuth with the needed header changes. Not optimal, I understand, but another avenue that might get you what you need.

If no email address is available, we fail and say we need an email address.

You’ll find your license Id on your account portal. Once you have that value, you can paste it into the FusionAuth instance to activate the license.

You should find your license on your account page, which you can log into here: https://account.fusionauth.io/

Here is a guide on activating your license: https://fusionauth.io/docs/v1/tech/reactor/

@joseantonio Glad to hear it!

FusionAuth does not support mapping these URLs, you may be able to accomplish that through CloudFront or some other proxy configuration.

We'd recommend a redirect.

@richard-allwood

Based on your feedback (among others) I created a 'jobs' category here: https://fusionauth.io/community/forum/category/7/jobs

Feel free to post your sample app project to see if anyone in the community can help.

To add to what @joshua said, we don't record when "name, username, email, or password" has changed. The last update timestamp will be modified whenever anything about a user object changes. So if you are only interested in those changes, a webhook to an external system is the best solution.

If you are ok with using the last update timestamp, I don't think you can query that with the queryString. I think you'll need to use a full query parameter. There are examples of ranges in the user search docs Joshua links to, but here's an example I copied and munged from there (so haven't tested it, but it should give you a starting point):

{ "range": { "lastUpdateInstant": { "gte": 1618691124000, "lte": 1618691224000 } } }

You'll need to escape that JSON and provide it as the query parameter (either in the url query string or in the form post object).

Hi @marcos-muller,

After discussing this further with my colleagues, I may have given you misguided information.

SSO will enable seamless login in between applications, but if you are working with aud claims you will want to access the JWT populate lambda functionality and add the corresponding API id to the aud claim.

More info can be found here

https://fusionauth.io/docs/v1/tech/lambdas/jwt-populate/ https://fusionauth.io/docs/v1/tech/lambdas/

I hope this helps!

Thanks,
Josh

@bogorad,

Glad you got it figured out!

Dropping a link here for future viewers 🙂
https://fusionauth.io/docs/v1/tech/apis/users/#search-for-users

Josh