It sounds like you're experiencing some confusion with the authentication setup in your FusionAuth application. When using traditional email + password authentication alongside Google login, you're expecting to see distinct information in the user session to differentiate between the two authentication methods.

In the context of your Express.js application, the req.session.user object should ideally provide some form of identity provider identification to distinguish between users authenticated via traditional email + password versus Google login. However, it appears that you're not seeing this distinction reflected in the session information.

This behavior could be due to how FusionAuth handles user authentication and session management. It's possible that FusionAuth is not explicitly adding information about the identity provider to the user session, leading to ambiguity when accessing the session data in your Express.js application.

To address this issue, you may need to customize your FusionAuth setup or modify your Express.js application logic to explicitly capture and store information about the identity provider used during authentication. This could involve updating your authentication middleware or incorporating additional FusionAuth API calls to retrieve and store identity provider information alongside user session data.

In summary, while the lack of distinction between authentication methods in the user session may not be the expected behavior, it's likely a result of how FusionAuth is configured or how session information is managed in your application. By exploring customization options and making adjustments to your application logic, you should be able to achieve the desired differentiation between traditional email + password and Google login authentication methods.

@ryan-hopper Thanks for sharing that info. Appreciate it!

@pradhanv88 it is documented here: https://fusionauth.io/docs/reference/configuration

But there is a bug with TLS in recent versions of FusionAuth: https://github.com/FusionAuth/fusionauth-issues/issues/2498

This is scheduled not for this release, but for the next one.

I was able to get this working with:

jdbc:postgresql://db:5432/mydb?currentSchema=auth

@renukamirihana Have you been through this page? https://fusionauth.io/docs/operate/deploy/proxy-setup

What message to you receive when the application goes to the unauthenticated path?

Are you attempting to enable users to log into your application using Google? Click Here for further details

@asenjowork Awesome, I'm glad you figured it out!

Hiya @youchuan990316 You should be able to do this using javascript. I'm not familiar with particular libraries or methods, but google has a number of options.

You can modify the Account two-factor enable theme page.

Hope this helps.

@harish_reddy Thanks for the feedback, we appreciate it. While I think it is unlikely we'd separate out those webhooks, you are welcome to add a GH issue with your feedback and we can see how others in the community feel about the topic.

@tiago Awesome!

Hiya @harish_reddy ,

That's a cool idea. We don't have any plans to do so right now.

@ronn316 Awesome, glad you got it the way you want it and thanks for sharing the update with the community!

@ccurtis Are you able to create the Administrator account?

@netstack said in Setting fusionauth-app.http.cookie-same-site-policy to none in Version 1.4x:

https://github.com/FusionAuth/fusionauth-issues/issues/1414

It does look like the fusionauth-app.http.cookie-same-site-policy has been deprecated as of ver 1.37.0 and I do not know of another way to set it. As browsers are moving away from 3rd party cookies, I think this makes sense.

There are a few options.

the admin UI application is in the default tenant and can't be moved, so add all other users to a new tenant. This adds an additional layer of separation use the IP ACLs function if you are on the enterprise plan use a proxy and have the proxy filter out traffic that doesn't originate from the office network and is requesting anything with the FusionAuth admin UI client id (which is immutable)

@mike123 Can you please try with a capital "S" vs lowercase "s?"

php -S localhost:9012 -t public

@matth Hmmm. Well it should work. If it doesn't, that's a bug.

But in this case, we need to decide to change the linking strategy. If it set to email, this approach will generate new users, rather than linking social login.

Sure, that would be a problem. You'd need to store the GH login id and make sure the user associated it somehow. It's a thorny problem because at the end of the day, the user has decided not to make their email available.

I thought it could be possible because reconcile Lamba would receive a user access token as a parameter. At least such an idea appeared when I saw the lambda signature.

I don't see where the user access token is presented to the GH api. Maybe I'm missing something.

@alex-nebula99 This video might be helpful. You have to turn on webhooks in two places.