While FusionAuth supports both well, if you have the option to use SAMl v2 or OIDC, I would always recommend OIDC.

In general, it is much much simpler to use, debug, configure, etc.

I see patchUser here:

https://github.com/FusionAuth/fusionauth-java-client/blob/1.19.0/src/main/java/io/fusionauth/client/FusionAuthClient.java#L1664

I think that's what you want.

You can, however, always full retrieval and a put as a workaround. That is recommended if you are changing an array, unless you want the behavior documented here: https://github.com/FusionAuth/fusionauth-issues/issues/441

we use asciidoctor + jekyll.

Our website config is open source, please steal^H^H^H^H^H borrow it: https://github.com/fusionauth/fusionauth-site/ here's our css too: https://github.com/fusionauth/fusionauth-style

Version 1.12 is quite an old version. I would recommend upgrading and see if you can recreate the issue.

Sounds like the database is struggling.

Ensure your db is available, and sized reasonably.

If you are using a free tier of a managed database service ensure you have not exceed your IOPs.

You can use https://yourservername.fusionauth.io/api/status if you like.

That endpoint will optionally return JSON you can parse if you provide an API key, otherwise just an http status code.

More details here: https://fusionauth.io/docs/v1/tech/apis/system/#retrieve-system-status

Actually, as of when I write this post, we have two license keys available for anyone with a paid edition. One is a prod license and the other is a non prod license. The latter is a good fit for testing, CI, etc.

Yes, you could connect one FusionAuth to another using an OpenID Connect Identity Provider or SAML v2.

You are correct. The verified flag exists on the corresponding user and the registration. You could optionally use the "verify registration" templatefor this purpose.

If you then ignored the verified: false flag on the registration in your code, it should not impact you.

Another option would be to listen for the user.registration.create event and then fire off an email on your end, or call the Email Send API to send a pre-made FusionAuth email template as a welcome event: https://fusionauth.io/docs/v1/tech/apis/emails/#send-an-email

Will this one work for you?

https://fusionauth.io/docs/v1/tech/client-libraries/netcore/
https://github.com/FusionAuth/fusionauth-netcore-client
https://www.nuget.org/packages/FusionAuth.Client/

I thought that might be a possibility and later tried a t3a.small (vs. t3a.micro) in a new install. So far that's has been working. (As far as anything else on the box - nothing. I like to dedicate at least one VM per major system.)

There's no way to create such a super admin account that can't be modified in FusionAuth.

Options I can think of to achieve something similar:

make sure you have database backups (a good idea anyway) and recover from your last backup if an admin deletes/locks the primary admin account. Or just investigate the FusionAuth database such that you can flip the bit in there if anyone ever locks the primary admin account. create a second tenant and create a tenant scoped API key. Then build whatever user management tooling you need using that API key. The super user will remain untouched and inaccessible in the default tenant. limit people to the roles that they need and never provide anyone with the user_deleter or user_manager role. The user_support_manager role may be helpful to you: https://fusionauth.io/docs/v1/tech/core-concepts/roles/

Only the last one allows users other than the superadmin to access the FusionAuth admin UI.

Feel free to file a feature request explaining your desired functionality in more detail if you'd like.

You can customize the forgot password page by modifying the theme. More details here: https://fusionauth.io/docs/v1/tech/themes/

The template you are looking to modify is the Forgot password template.

There is currently no Forgot username functionality. Please feel free to file a feature request for this functionality.

Is there a way to get the actual error via the FusionAuth admin dashboard?

You can check the event logs and the system output if you have access to the logs, but I don't believe there's a lot of debugging info available for that particular path.

This troubleshooting doc may be worth reading: https://fusionauth.io/docs/v1/tech/troubleshooting/

Also, if you are interested in building a more secure JWT, this article may be of interest: https://fusionauth.io/learn/expert-advice/tokens/building-a-secure-jwt/

So, this appears to be a limitation of Facebook. Here are the API docs from Facebook which have no mention of how long the image URL returned if you pass redirect=0 is good for.

Looks like some Auth0 users also encountered this.

So I think you are on the right path with downloading the user's Facebook images and updating them on your side every time a user logs in.

This is unfortunately a known issue. See https://github.com/FusionAuth/fusionauth-issues/issues/629 for some discussion. There are some workarounds in some situations (allow lists in Office 365) but no general workaround.

@chakshu

Sorry, I pointed you to the incorrect setting.

You can go to Applications > FusionAuth > Edit > JWT > Refresh Token duration

Changing that to 1 (the value is in minutes) caused me to be signed out of the admin application after 60 seconds.

Hope that helps.

I wrote a guide for running fusionauth in a clustered/multi node setup: https://fusionauth.io/docs/v1/tech/installation-guide/cluster/

The bug about the ip addresses being the same (which was only a display bug, not a functionality bug) was also addressed in 1.23.0: https://fusionauth.io/docs/v1/tech/release-notes/#version-1-23-0

Awesome! I know this is on our minds, but don't have an exact timeline for when it'll be implemented.