Navigation

    FusionAuth
    • Login
    • Search
    • Home
    • Categories
    • Recent
    • Popular
    • Pricing
    • Contact us
    • Docs
    1. Home
    2. Categories
    3. Q&A
    Log in to post
    • Newest to Oldest
    • Oldest to Newest
    • Most Posts
    • Most Votes
    • Most Views
    • A

      How to use FusionAuth JWT token and claims with Hasura GraphQL to authenticate GraphQL requests
      • atakan

      4
      2
      Votes
      4
      Posts
      2019
      Views

      A

      @dan you're welcome! ๐Ÿ™‚

    • dan

      What open source and commercial packages are known to work with FusionAuth?
      commercial compatibility open source packages • • dan

      6
      0
      Votes
      6
      Posts
      6737
      Views

      robotdan

      All of the new IdPs added in 1.28.0. Twitch, Steam, Xbox, Sony PSN, and Epic Games.

    • dan

      Unable to create a registration using the .NET core client
      dotnet client-library user-api • • dan

      4
      1
      Votes
      4
      Posts
      1127
      Views

      dan

      @robotdan Ah, I missed that. I was looking at the response section, which had the registration. Thanks!

    • dan

      Is there a way to customize the Two Factor Code message that comes when the twilio integration is enabled?
      twilio sms configuration from-slack faq • • dan

      2
      0
      Votes
      2
      Posts
      468
      Views

      dan

      This is not currently available.

      The plan is to build out SMS templates that can localized and customized but no timelines have been determined.

    • dan

      Seeing userState of AuthenticatedNotRegistered
      from-slack oauth user faq • • dan

      2
      0
      Votes
      2
      Posts
      909
      Views

      dan

      That message means the user is not registered for the application youโ€™re logging into. If you create a registration for the user youโ€™ll see Authenticated.

      More on this here: https://fusionauth.io/community/forum/topic/5/can-you-limit-a-user-s-login-authentication-access-to-applications-within-a-single-tenant/2

    • dan

      Cannot login with login API?
      • dan

      2
      0
      Votes
      2
      Posts
      505
      Views

      dan

      If you are using the Login API (/api/login) - this does not create an SSO session.

      The FusionAuth Login pages do not currently use the access_token or refresh_token cookies for session management.

      If you want the SSO feature - you need to use the FusionAuth login pages. This is the strategy outlined in the 5 minute setup guide: https://fusionauth.io/docs/v1/tech/5-minute-setup-guide

      We do have a feature open to switch to token based SSO so that this use case would work: https://github.com/FusionAuth/fusionauth-issues/issues/358

    • M

      What happens after asymmetric key expiration?
      • mgetka

      7
      1
      Votes
      7
      Posts
      921
      Views

      dan

      Well, since we're talking about behavior based on a fix that isn't written yet, things are a bit theoretical. ๐Ÿ™‚

      Here's one approach we'd consider. An expired key pair cannot be used to sign a JWT, so we would either have to generate a new key pair ahead of the expiration, or start failing login operations. The former is a better user experience, so a user will either have to regenerate the key, or we would do it based upon a configured policy.

      Also, wanted to be clear that we are aware of this limitation, which is why we set the default expiration period to 10 years (so we have a bit of time to solve this in the best way possible).

      Hope this helps. Let me know if you don't have the information you need.

    • dan

      Is it possible to set up DB replication using MySQL for FusionAuth db?
      mysql database faq • • dan

      2
      0
      Votes
      2
      Posts
      485
      Views

      dan

      As long as your meet our minimum database requirements in theory it should work. I do know that MySQL Group Replication is not supported.

    • dan

      Can we use all the features with the self hosted version?
      faq pricing features self hosted • • dan

      2
      0
      Votes
      2
      Posts
      522
      Views

      dan

      You always get the same features whatever level you are at no matter where you host. That is to say, if you have a premium plan, you can host or we can, the features are the same. If you use the community edition, the features are the same no matter where you host.

      However, there are feature differences between the premium and community plans. More here: https://fusionauth.io/pricing

    • dan

      Why isn't FusionAuth open source?
      open source license faq • • dan

      6
      0
      Votes
      6
      Posts
      5510
      Views

      dan

      Hiya,

      I got an answer for you about sunset provisions.

      We have discussed source code escrow options with clients in the past. We can also offer a source code release clause (in the event FusionAuth goes out of business). However, these are only options if you are on an Enterprise plan with a custom contract.

      Hope that helps you make the right decision for your application(s).

    • dan

      Is there a way to have a user who logs out of an application go back to wherever they started from at login?
      login logout faq • • dan

      2
      0
      Votes
      2
      Posts
      790
      Views

      dan

      You can use the post_logout_redirect_uri query parameter on the logout endpoint to configure where a user ends up after logout.

      More here: https://fusionauth.io/docs/v1/tech/oauth/endpoints

    • dan

      If we're hitting the .well-known endpoint, is there any way to select which tenant we're obtaining the manifest for?
      oauth tenant faq • • dan

      2
      0
      Votes
      2
      Posts
      618
      Views

      dan

      Yes, you can provide the tenantId on the request as a parameter. More information here: https://fusionauth.io/docs/v1/tech/oauth/endpoints#openid-configuration

    • K

      Exception: ReferenceError: FormData is not defined calling exchangeOAuthCodeForAccessToken of TypeScript library
      • ken.ono

      2
      0
      Votes
      2
      Posts
      570
      Views

      robotdan

      Hi,

      I think this was recently resolved via this issue https://github.com/FusionAuth/fusionauth-typescript-client/issues/16

      Can you take a look and see if that looks like your symptom?

    • F

      Elasticsearch Utilization [Self Hosted - Community Edition]
      • firrae

      9
      1
      Votes
      9
      Posts
      4751
      Views

      dan

      @robotdan Thanks Dan!

    • dan

      Each user has one password, correct?
      user faq • • dan

      2
      0
      Votes
      2
      Posts
      565
      Views

      dan

      That is correct. Each user can have one email address, one username, or both. Either of these values can be used to login, and therefore the values are unique within the tenant.

      We do have a username field on a registration, but it is not used for login.

      There's a github issue open for multiple identities: https://github.com/fusionauth/fusionauth-issues/issues/1

    • dan

      This topic is deleted!
      • dan

      1
      0
      Votes
      1
      Posts
      1
      Views

      No one has replied

    • dan

      What is Kickstart?
      kickstart faq • • dan

      1
      0
      Votes
      1
      Posts
      619
      Views

      No one has replied

    • Y

      Generated api key not an UUID but required in Python client
      • yet

      3
      0
      Votes
      3
      Posts
      507
      Views

      dan

      Ah, looks like someone else already shared a fix. https://github.com/FusionAuth/fusionauth-python-client/pull/6

    • dan

      How should I validate access tokens?
      access tokens validation faq • • dan

      2
      0
      Votes
      2
      Posts
      1454
      Views

      dan

      There are a few things to consider.

      how long tokens live for what happens if permisssion are modified in FusionAuth but the protected resource still allows access? any performance worries due to a large number of accessToken validation calls being made by the protected resource.

      With the first approach (validating the access token without communicating with FusionAuth) the holder of the token will be able to access your API as long as the token is valid (unless the API server communicates periodically with FusionAuth to check the validity). In addition, changes to user privileges won't take place until the JWT expires and the client retrieves a new access token using the refresh token.

      With the second approach, if a token is revoked in FusionAuth (if for instance the user is disabled) the access is cut off immediately. The cost is that you're making an additional network call every time, which has a performance impact. Note that if you could use the userinfo endpoint instead of the token if you want updated user claims. The token endpoint isn't going to give you that information, just a yes/no depending on if the token is valid.

      So it's hard to make a recommendation without knowing what the consequences of unauthorized access to your API or protected resource would be. It also would be helpful to know the expected traffic; if it is expected to be low, the performance impact of the second approach will be minimal.

    • B

      Does GitHub have endpoints to obtain OIDC id tokens?
      • bfpgresearcher

      4
      0
      Votes
      4
      Posts
      307
      Views

      dan

      @bfpgresearcher Happy to help ๐Ÿ™‚

    • undefined


      •


      Votes

      Posts

      Views