@rationem You could look at my backend app in this monorepo: https://github.com/kasir-barati/you-say

There I've implemented a NestJS custom backend app. BTW I have a question for you, right now my NextJS frontend build is broken and I do not know why, I mean I kinda know that it is because I am using @fusionauth/react-sdk and it needs to have access to document object but since during build it does not have that my build is defective. Any suggestion?

I also read this doc but it was not what I wanted since it was communicating directly with FusionAuth and in my case I do not want that 🙂.

Hey @dan,

Just wanted to point out a few things. First I have a custom Backend app and this doc does not cover that at all. It looked to me like it is communicating directly with FusionAuth which is not a good idea in my case (I am using mostly Client side components). So I switched gears and tried to use @fusionauth/react-sdk instead. It was working until I got busted with this broken build log. Any suggestion on how to fix my build since I guess it is related to NextJS and how we lack document at build time since it works just fine when I run the NextJS app in dev mode.

The hosted backend is designed to cover a number of use cases, but is not very configurable.

If you need more control over the backend, it's suggested you stand up your own application backend to do the token exchange and set the cookies or otherwise store the access token. Many frameworks will take care of this for you.

FusionAuth has provided a sample express application that has the same functionality as the hosted backend and can be extended. For example, to change the domain of the cookie set, you can modify the cookie setting code here.

@marco-0 Couldn't you add some logic to the redirect page and send the user to the correct one based on the situation?

@stephan Thanks for sharing.

@fc I responded to your issue post on Github. I would like to help.

The best way to solve this is to use a <meta> element with its http-equiv set to Refresh in the <head> of the page.

When the page is displayed, the browser will go the indicated URL.

The Verify registration complete template can be updated like this, for example:

[@helpers.head] [#-- Custom <head> code goes here --] <meta http-equiv="Refresh" content="0; URL=https://google.com/" /> [/@helpers.head]

@alex-3 I'm a bit unclear on what you are trying to do.

Can you outline the exact steps you want to take?

@dan thank you guys for quick response, it took me 15 months to take a look... any chance it has been added to client libraries?

Further discussion on this issue can be seen here: https://github.com/FusionAuth/fusionauth-javascript-sdk-express/issues/11

Hey @dan,

Thanks for the invaluable insights sharing. Just one question remains in my mind and that is when to get user to verify their email address in this method of setting their password in one shot?

Should I set any flag to indicate to FusionAuth to send an email to user for email verification?

My use case is like this:

User opens mobile app They will register through my app by sending their name, family, email address, and password. In my backend I get their req and as aforementioned I am passing those fields to the FusionAuth client (I am using @fusionauth/typescript-client)

Now I am not sure how to config or let FusionAuth know that it should send an email to the user's entered email address containing a one time use link to verify their email address so that I can be sure they've verified their email address and probably have some sort of law enforcement or restriction based on verified email addresses and not ones.

Many thanks for your support.

@dsmurrell Dunno about this hasura but I am doing it in a self hosted FusionAuth. I am using Docker and dockerize FusionAuth.

Maybe better to contact their customer support

FusionAuth provides a feature called Identity Provider (IdP) Linking Strategies that allows you to link social login accounts to existing FusionAuth accounts. This feature is available since version 1.28.0.

There are several strategies you can use to link accounts:

Link On Email: This strategy will create a new user if they don’t exist. However, if the user has an email address at their social provider which differs from the email address that was used to sign up for your application and which you imported to FusionAuth, then two accounts will be created.

Link On Username: Similar to the Link On Email strategy, this will also create a new user if they don’t exist. But it has a greater risk of account takeover and should be used with caution. In most cases, you would never want to enable more than one identity provider to link by username because there could be a username collision.

Pending: This strategy will prompt the end user to sign into FusionAuth after they sign into the social provider, authoritatively linking the two accounts.

To implement this, you'd have to get the user to login via their social account and get their unique user Id. Then you'd take that user Id and create a link using the APIs. After the link is created, the next time the user went to login, they could use either their old email/password credentials or the linked social login.

Here's more information about IdP Linking Strategies.

Sources:

FusionAuth 1.28 Announcement FusionAuth Community Forum FusionAuth Documentation

@ronn316 Nice, Please mark the thread as resolved so that others know what was the answer for you.

Thanks

@justin-calareso to test this screen, you can always select preview on your theme to see if it would work if needed.

4d96f8f3-c0b9-4b8e-9757-f2f04bc7bf98-image.png

Then select the "Confirmation required" screen. Notice how I put "Alex did this" on this confirmation.

8c4d814b-c294-4ff9-9611-e6cecca06dfe-image.png

One of the easiest ways to try this out is to use Passwordless login. As you can see in the Theme I have the confirmation page example set which I added <h1>Confirmation page example</h1>
d32abe10-15cd-49ec-b4aa-0678fd54be20-image.png

Now when I log in to the application I am presented with the option for "Login with magic link"

35733ee4-3266-482c-8374-97542a0bf196-image.png

This will email me a link which I can open in a new private window (or different browser not already logged into the application).
6180b8f8-24a6-4e64-9db2-124de8b07749-image.png

Once I open this in the new window you will see that the confirmation required has my H1 tag showing "Confirmation page example".

c7352f4a-c0ba-4549-a239-6a64ef669bc8-image.png

I hope this helps.

My bad, I was misconfiguring my FusionAuth instance and at the same time banging my head against a brick wall.

So who answered my question? FusionAuth Docs AI.

The iss or issuer claim in FusionAuth is a URL that identifies the principal that issued the JWT. The issuer claim is a case-sensitive string containing a string or URI value. The processing of this claim is generally application-specific.
In FusionAuth, the issuer claim can be set in two ways:

You can set it in the tenant configuration, where it will apply for all JWTs issued for that tenant. You can modify this by navigating to "Tenants", then your tenant, then "General". Here, you can modify the "Issuer" field value. You can set it at the individual JWT level by modifying the JWT populate lambda. You would do this if you wanted to have a different issuer based on some information from the user or registration data.

The issuer claim is typically set to the URL of your FusionAuth instance. For example, https://local.fusionauth.io or http://localhost:9011. The choice between http and https depends on whether your FusionAuth instance is set up to use SSL or not. If it is, then https should be used. If not, http can be used.
In the case of https://localhost:9011, this means that the FusionAuth instance is set up to use SSL and is running on the local machine on port 9011.

Although it was not completely correct but its first suggestion was right on the money. I am configuring FusionAuth using Terraform/OpenTofu. And there I was passing the wrong value to issuer. Learn more here: https://registry.terraform.io/providers/fusionauth/fusionauth/latest/docs/resources/tenant

So I was passing https://localhost:9011 😓.

Thanks @dan 💮,

so in other words your saying to manage who invited who* in my own app; thing like keeping this data.

Now that I think about it this makes more sense since then I have more control over it and can change its implementation however I want in the future. Besides FusionAuth is all about Auth and not my business models 😅.

*Let's assume we have a referral program in place

This might be useful for visitors in the future: https://fusionauth.io/docs/extend/examples/device-limiting

Hey FusionAuth fans,

I've just come up with a brilliant idea, why not utilizing theme message? I have working example here. Just a quick run down on what I have done there:

I am adding a new message key-value pair to my default custom theme called frontend-app-url. Implemented in a terraform resource named custom-theme. It is a bit hacky of course. I am using it in my change-password-complete.ftl

And this way I worked my way around it 😂

Hopefully this will help you, do not hesitate to give this repo a ⭐ in GitHub.