To add to what @joshua said, we don't record when "name, username, email, or password" has changed. The last update timestamp will be modified whenever anything about a user object changes. So if you are only interested in those changes, a webhook to an external system is the best solution.

If you are ok with using the last update timestamp, I don't think you can query that with the queryString. I think you'll need to use a full query parameter. There are examples of ranges in the user search docs Joshua links to, but here's an example I copied and munged from there (so haven't tested it, but it should give you a starting point):

{ "range": { "lastUpdateInstant": { "gte": 1618691124000, "lte": 1618691224000 } } }

You'll need to escape that JSON and provide it as the query parameter (either in the url query string or in the form post object).

Hi @marcos-muller,

After discussing this further with my colleagues, I may have given you misguided information.

SSO will enable seamless login in between applications, but if you are working with aud claims you will want to access the JWT populate lambda functionality and add the corresponding API id to the aud claim.

More info can be found here

https://fusionauth.io/docs/v1/tech/lambdas/jwt-populate/ https://fusionauth.io/docs/v1/tech/lambdas/

I hope this helps!

Thanks,
Josh

@bogorad,

Glad you got it figured out!

Dropping a link here for future viewers 🙂
https://fusionauth.io/docs/v1/tech/apis/users/#search-for-users

Josh

Just wanted to update. A user opened: https://github.com/FusionAuth/fusionauth-dart-client/issues/7

To clear things up, with a public client like a mobile application, you can't safely store a client secret (it'll be shared among all the native apps and can be found via decompilation).

In this scenario, you should disable Require authentication in the FusionAuth Application configuration and use PKCE to secure communication with the Token endpoint.

You can use the exchangeOAuthCodeForAccessTokenUsingPKCE client method to do so.

This is also outlined here: https://fusionauth.io/docs/v1/tech/client-libraries/dart/

Looks like this is fixed in openjdk 15, so will be picked up when we roll that out (no timeline, but we are on 14 now).

@sean-hogan2,

Welcome to the FusionAuth Community!

I want to avoid giving too specific advice on architecture in our community forums, but what you have outlined here certainly seems plausible, at least at first pass. Could you elaborate a bit on what you mean regarding 'shell objects for the users'? I will also see if my colleagues have any other feedback for you. If they do, I will be sure to pass it along here.

Regarding the user object, you have the ability to set up a lambda function to add custom functionality.
One can make any number of custom claims on the user object to help you facilitate what you are trying to create (re: 'parameterize the templates'). A good example of this can be found here.

In addition to lambdas, FusionAuth also has significant extensibility through its external identity providers, connectors, and API's which you can mold to your use case. As an aside, if it is possible to do in FusionAuth, it will most certainly be doable through our APIs (some of our customers don't even really use the UI).

I hope this helps!

Thanks,
Josh

Hi @egis!

Welcome to the FusionAuth community! Let me see if I can get you pointed in the right direction!

API

I would suggest reviewing our Users API which allows for a flow similar to what you are describing (if I understand you correctly).

https://fusionauth.io/docs/v1/tech/apis/users/#create-a-user

Request Body sendSetPasswordEmail [Boolean] OPTIONAL Defaults to false Indicates to FusionAuth to send the User an email asking them to set their password. The Email Template that is used is configured in the System Configuration setting for Set Password Email Template. If you set this value to true the password field is then ignored, FusionAuth will set the initial password to a securely generated random string. If you have also enabled email verification and do not select to skip verification using the skipVerification parameter, only the setup password email will be sent to the user. Setting up the password using the email sent during this user create operation will implicitly verify the User’s email if it is not already verified. If the SMTP email configuration is not complete, or disabled, this value is ignored. Via UI

Once a user has been added by an admin via the UI, there is an option to send a
toggle to “Send email to setup password." which would reproduce the functionality described above.

Email templates

Remember to select a template in Applications via UI
setup-password-template.png

Roadmap

Is there a chance that this https://github.com/FusionAuth/fusionauth-issues/issues/743#issuecomment-664365516 will be implemented?

While this issue is documented, it not on our short-term road map at this time.

Please review our roadmap guidelines

I hope this helps on your way!

Thanks,
Josh

Referencing/linking below for future guidance for folks who view this post:

https://fusionauth.io/community/forum/topic/900/authentication-for-an-application-with-web-client-and-mobile-front-ends

@mehamm

I am working on a multi tenant guide. Thank you very much for your feedback; I'll make sure to include it.

As you continue to build out your multi tenant application, please continue to post on the forum about your progress and/or any other questions. 🙂

We often hear our multi tenant support is a differentiator for FusionAuth, and would love to make it easy/clearer for everyone.

Both the API and the UI can pull User Data.

Via API

Docs are here:

https://fusionauth.io/docs/v1/tech/apis/users/#search-for-users https://fusionauth.io/docs/v1/tech/apis/users/#elasticsearch-search-engine

Via UI

The functionality is nested under the user tab on the upper left nav.

From there click on the advanced button. From there you can enter your query in the search bar. Note: If you want to see how the query is constructed, there is also a toggle - Show Elasticsearch Query https://fusionauth.io/docs/v1/tech/core-concepts/users/#user-search can guide you through a simple user query.

@cyrill-lippuner PR here: https://github.com/FusionAuth/fusionauth-site/pull/544

Thanks for the feedback!

How would I do this kind of search for users within a Postgresql database, I'm not using ElasticSearch.

Sorry, you cannot.

Unfortunately you can't search beyond fuzzy matching on the parameters listed in the database search documentation. If you have advanced search needs, we recommend running elasticsearch, which is extremely powerful and flexible.

Here's a tutorial on switching search engines: https://fusionauth.io/docs/v1/tech/tutorials/switch-search-engines/

No, Kickstart must be run on a pristine system. Please feel free to file an issue suggesting that functionality, though: https://github.com/fusionauth/fusionauth-issues/issues.

Yes.

The only thing you can't create via the API is another API key. You can track that functionality on this issue.

See the tenant documentation for more.

FYI a lot more FusionAuth Cloud details are available in the cloud installation guide.

FYI a lot more FusionAuth Cloud details are available in the cloud installation guide.

Darn API key permissions!!

shaking-fist.png

Thanks for trying out FusionAuth. The account management is mostly self service. If you log into your FusionAuth account you will find your deployment under the Deployments section.

https://account.fusionauth.io/

You should see an action on the deployment table to Destroy the deployment. This action will delete your FusionAuth Cloud instance and pro-rate a refund back to credit card.

If you are using Elasticsearch yes..

If you want to search for a username in a particular registration (for a particular application)

{ "bool" : { "must" : [ { "bool" : { "must" : [ { "nested" : { "path" : "registrations", "query" : { "bool" : { "must" : [ { "match" : { "registrations.applicationId" : "3c219e58-ed0e-4b18-ad48-f4f92793ae32" } }, { "match" : { "registrations.username" : "bob" } } ] } } } } ] } } ] } }

Where the value for registrations.applicationId is the Id of your application and the username you are looking for is bob.

If you only wanted to search for a user with a username of bob you could just search on registrations.username:bob - but this would not limit the search to any particular application registration.