FusionAuth
    • danD

      How can I find all users except one?

      elasticsearch bulk delete query • • dan
      2
      0
      Votes
      2
      Posts
      2.9k
      Views

      danD

      You can use the admin ui to build the query string.

      Definitely test it out with the search first, and then use the bulk delete api.

      Here's a shell script that searches for all users except one:

      curl -vvv -XGET -H "Authorization: $API_KEY" 'http://localhost:9011/api/user/search/?queryString=NOT%20email:test%40example.com'

      Note that I had to escape the space and the @ sign, but here's the elasticsearch query without the escaping: NOT email:test@example.com.

      Also, if you are using the database search engine, the syntax will be entirely different, as this example relies on the Elasticsearch syntax.

    • danD

      Migrate users between fusionauth instances

      migrate users migration • • dan
      2
      0
      Votes
      2
      Posts
      851
      Views

      danD

      I'd use the import users API.

      Helpful links:

      https://fusionauth.io/docs/v1/tech/tutorials/migrate-users

      https://fusionauth.io/docs/v1/tech/apis/users#import-users

    • danD

      server side sessions

      • • dan
      2
      0
      Votes
      2
      Posts
      554
      Views

      danD

      What are you looking for in particular? This blog post has a node session which is used to manage the access_token:

      https://fusionauth.io/blog/2020/03/10/securely-implement-oauth-in-react

    • danD

      refresh_token grant webhook event?

      refresh token webhooks • • dan
      2
      0
      Votes
      2
      Posts
      4.2k
      Views

      danD

      Is this what you are looking for? https://fusionauth.io/docs/v1/tech/events-webhooks/events#jwt-refresh

      Make sure you enable the webhook in the tenant as well as in the webhook definition.

    • danD

      Is there a way to force users to use two factor authentication?

      two factor configuration application • • dan
      2
      0
      Votes
      2
      Posts
      3.6k
      Views

      danD

      Not with a FusionAuth policy, but you could enforce it just by checking the user during login, as twoFactorEnabled is an attribute of the user.

      There's also this GitHub issue which you may want to vote up: https://github.com/FusionAuth/fusionauth-issues/issues/763

    • danD

      Metrics for display of login pages?

      metrics login • • dan
      2
      0
      Votes
      2
      Posts
      629
      Views

      danD

      No. A lot of our clients use Google Analytics (or other similar page analytics tools) to gather those types of metrics.

    • danD

      webhook event ids

      webhooks login • • dan
      2
      0
      Votes
      2
      Posts
      774
      Views

      danD

      This is a unique Id field per event; we do not currently persist this event for later retrieval.

      If you want any persistent storage of the events, you would need to capture and store the event.

    • danD

      Metrics for user authentication?

      social logins metrics login • • dan
      2
      0
      Votes
      2
      Posts
      730
      Views

      danD

      We don’t currently have any internal reporting for that metric.

      The best way to do this currently would be to listen to the user.login.success event.

      This event will contain what IdP was used and more info. You can then push that to whatever analytics storage layer (database, s3, etc) you'd like.

      More here: https://fusionauth.io/docs/v1/tech/events-webhooks/events#user-login-success

    • danD

      Logs for webhooks

      webhooks logging • • dan
      2
      0
      Votes
      2
      Posts
      3.4k
      Views

      danD

      There is not any special logging for webhooks.

      If an exception occurred that would cause it not to be fired, that will be in the log. If it is not being fired and there is no exception, then it is likely that the webhook is not configured to be sent for the particular tenant that you’re using.

      More about webhooks: https://fusionauth.io/docs/v1/tech/events-webhooks/

    • danD

      Preventing users from logging in?

      users login • • dan
      2
      0
      Votes
      2
      Posts
      575
      Views

      danD

      Currently there is no way to prevent a user from doing what is outlined.

      Please feel free to create an issue: https://github.com/fusionauth/fusionauth-issues

    • K

      COPPA configuration

      • • kejvidoko
      4
      0
      Votes
      4
      Posts
      1.3k
      Views

      danD

      Hiya,

      FusionAuth provides the APIs and data entities, but you have to code the flow. This is because there are multiple choices for parental consent.

      Again, still working on documentation, but basically, when the child registers, you'll need to make sure they have a parentEmail attribute associated with the user object. FusionAuth will send one of two email templates based on whether the parent has an account or not.

      Then you have to have the parent grant consent, which means building a form that they can check a consent box in, and you then record that consent using the Consent API. If the consent is a COPPA email plus consent, FusionAuth will send a second email based on the tenant settings (make sure you use version 1.18+ because of this issue: https://github.com/FusionAuth/fusionauth-issues/issues/724 ).

      When a child is signed in, you can get any consents they have been granted, so your application can prohibit any functionality that needs parental consent.

      Here's a sample app for the consent granting that may be helpful: https://github.com/FusionAuth/fusionauth-example-family

    • danD

      How can I turn on two factor authentication?

      twilio two factor faq • • dan
      4
      0
      Votes
      4
      Posts
      5.0k
      Views

      danD

      @denisskaletti Thanks for feedback. I removed your link because it seemed like spam. We welcome useful links that are about using FusionAuth, please check out the blog category and post there.

    • danD

      Can we use FA as a SSO provider for another platform?

      sso jwt • • dan
      4
      0
      Votes
      4
      Posts
      11.1k
      Views

      danD

      You’re correct. That is not a standard redirect URL. You could easily build some glue code to look like an OpenID Connect compliant SP and then handle the redirect yourself. I am not super familiar with some of the OpenID Connect server options, but something like Hydra may be useful here. Perhaps some others from the community here can help with off the shelf options if you don’t want to code it yourself.

      But coding it yourself may be the easiest, if you coded it in Node or something like that, it would be super simple, you’d have FusionAuth redirect to your node app and then you’d redirect to the video platform.

    • danD

      How can you use kickstart with docker

      docker kickstart • • dan
      2
      0
      Votes
      2
      Posts
      3.1k
      Views

      danD

      Check out the official documentation on using Docker + Kickstart.

    • danD

      Creating a user with a hashed password

      users passwords hashed password • • dan
      2
      0
      Votes
      2
      Posts
      1.1k
      Views

      danD

      Currently the only way to accomplish this will be to use the Import API, as you mentioned: https://fusionauth.io/docs/v1/tech/apis/users#import-users

      We do have an open feature request to allow hashes to be provided on the User API, which I think would be what you're looking for: https://github.com/FusionAuth/fusionauth-issues/issues/348

      Feel free to upvote that issue.

    • V

      Authentication for a cgi-bin

      • • viola.mauro
      10
      0
      Votes
      10
      Posts
      14.4k
      Views

      robotdanR

      Sounds like @viola-mauro you've got this all working.

      For anyone else that may be interested, we do have an Apache module that seems to be similar to what you're trying to do.

      https://github.com/FusionAuth/fusionauth-mod-authnz-external

    • danD

      Missing IP addresses for login records?

      login audit logs • • dan
      3
      0
      Votes
      3
      Posts
      2.2k
      Views

      danD

      The short answer is that these events are from when the user was created or first registered for an application.

      When a user is first created or registered for an application, we create a login event because we generate a JWT and optionally a Refresh Token for the user.

      In these cases, we do not have an IP address to record in the login event.

      We have discussed adding the IP address from the API request, but this is likely a back end system or internal service and the IP address would not represent the location of the end user, and so would likely not be of great use.

    • K

      Custom Password Plugin fails to generate correct hash

      • • kejvidoko
      9
      0
      Votes
      9
      Posts
      1.4k
      Views

      danD

      That's great!

    • U

      Complete idp login doesn't return refreshToken

      • • ulysse
      7
      0
      Votes
      7
      Posts
      3.0k
      Views

      danD

      I'm starting to think I may misunderstand what this complete login endpoint objective is.

      I think I'm the one who is misunderstanding things 🙂 Yes, you should be able to build your own login pages to auth directly with google, and yes, you should get the refresh_token returned. I didn't follow what you were attempting to do, I thought you were using the google form provided by FusionAuth (which is what I tested and which returns a refresh_token if you provide the scope).

      This sure looks like a bug because the refresh_token should be returned according to the docs. At the very least it is a doc bug, because the noJWT parameter doesn't state that the refreshToken will be returned if noJWT = false:

      When this value is set to true a JWT will not be issued as part of this request. The response body will not contain the token field, and the access_token and refresh_token cookies will not be written to the HTTP response

      But the response body states a refreshToken will be returned:

      The refresh token that can be used to obtain a new access token once the provide one has expired. Because a refresh token is per user and per application, this value will only be returned when an applicationId was provided on the login request.

      Can you please file a bug? https://github.com/fusionauth/fusionauth-issues/issues