You can modify your edition by:

Going to account.fusionauth.io Logging in Going to the edition tab Changing the edition from enterprise to a different one Save your change.

No, FusionAuth doesn't support adding JWT headers to FusionAuth generated JWTs. I looked at the code and don't think it'd be a ton of work to add support; there's already some scaffolding in the fusionauth-jwt OSS project.

I highly encourage anyone with this problem to file a feature request here with more details about your needs: https://github.com/fusionauth/fusionauth-issues/issues

We consult that in our roadmap planning. We also offer professional services if you need us to build it on a schedule. Please send a request to our sales department if that is an option you'd like to pursue.

An alternative would be to build a service that would re-sign your JWTs from FusionAuth with the needed header changes. Not optimal, I understand, but another avenue that might get you what you need.

If no email address is available, we fail and say we need an email address.

You’ll find your license Id on your account portal. Once you have that value, you can paste it into the FusionAuth instance to activate the license.

You should find your license on your account page, which you can log into here: https://account.fusionauth.io/

Here is a guide on activating your license: https://fusionauth.io/docs/v1/tech/reactor/

@joseantonio Glad to hear it!

FusionAuth does not support mapping these URLs, you may be able to accomplish that through CloudFront or some other proxy configuration.

We'd recommend a redirect.

@richard-allwood

Based on your feedback (among others) I created a 'jobs' category here: https://fusionauth.io/community/forum/category/7/jobs

Feel free to post your sample app project to see if anyone in the community can help.

To add to what @joshua said, we don't record when "name, username, email, or password" has changed. The last update timestamp will be modified whenever anything about a user object changes. So if you are only interested in those changes, a webhook to an external system is the best solution.

If you are ok with using the last update timestamp, I don't think you can query that with the queryString. I think you'll need to use a full query parameter. There are examples of ranges in the user search docs Joshua links to, but here's an example I copied and munged from there (so haven't tested it, but it should give you a starting point):

{ "range": { "lastUpdateInstant": { "gte": 1618691124000, "lte": 1618691224000 } } }

You'll need to escape that JSON and provide it as the query parameter (either in the url query string or in the form post object).

Hi @marcos-muller,

After discussing this further with my colleagues, I may have given you misguided information.

SSO will enable seamless login in between applications, but if you are working with aud claims you will want to access the JWT populate lambda functionality and add the corresponding API id to the aud claim.

More info can be found here

https://fusionauth.io/docs/v1/tech/lambdas/jwt-populate/ https://fusionauth.io/docs/v1/tech/lambdas/

I hope this helps!

Thanks,
Josh

@bogorad,

Glad you got it figured out!

Dropping a link here for future viewers 🙂
https://fusionauth.io/docs/v1/tech/apis/users/#search-for-users

Josh

Just wanted to update. A user opened: https://github.com/FusionAuth/fusionauth-dart-client/issues/7

To clear things up, with a public client like a mobile application, you can't safely store a client secret (it'll be shared among all the native apps and can be found via decompilation).

In this scenario, you should disable Require authentication in the FusionAuth Application configuration and use PKCE to secure communication with the Token endpoint.

You can use the exchangeOAuthCodeForAccessTokenUsingPKCE client method to do so.

This is also outlined here: https://fusionauth.io/docs/v1/tech/client-libraries/dart/

Looks like this is fixed in openjdk 15, so will be picked up when we roll that out (no timeline, but we are on 14 now).

@sean-hogan2,

Welcome to the FusionAuth Community!

I want to avoid giving too specific advice on architecture in our community forums, but what you have outlined here certainly seems plausible, at least at first pass. Could you elaborate a bit on what you mean regarding 'shell objects for the users'? I will also see if my colleagues have any other feedback for you. If they do, I will be sure to pass it along here.

Regarding the user object, you have the ability to set up a lambda function to add custom functionality.
One can make any number of custom claims on the user object to help you facilitate what you are trying to create (re: 'parameterize the templates'). A good example of this can be found here.

In addition to lambdas, FusionAuth also has significant extensibility through its external identity providers, connectors, and API's which you can mold to your use case. As an aside, if it is possible to do in FusionAuth, it will most certainly be doable through our APIs (some of our customers don't even really use the UI).

I hope this helps!

Thanks,
Josh

Hi @egis!

Welcome to the FusionAuth community! Let me see if I can get you pointed in the right direction!

API

I would suggest reviewing our Users API which allows for a flow similar to what you are describing (if I understand you correctly).

https://fusionauth.io/docs/v1/tech/apis/users/#create-a-user

Request Body sendSetPasswordEmail [Boolean] OPTIONAL Defaults to false Indicates to FusionAuth to send the User an email asking them to set their password. The Email Template that is used is configured in the System Configuration setting for Set Password Email Template. If you set this value to true the password field is then ignored, FusionAuth will set the initial password to a securely generated random string. If you have also enabled email verification and do not select to skip verification using the skipVerification parameter, only the setup password email will be sent to the user. Setting up the password using the email sent during this user create operation will implicitly verify the User’s email if it is not already verified. If the SMTP email configuration is not complete, or disabled, this value is ignored. Via UI

Once a user has been added by an admin via the UI, there is an option to send a
toggle to “Send email to setup password." which would reproduce the functionality described above.

Email templates

Remember to select a template in Applications via UI
setup-password-template.png

Roadmap

Is there a chance that this https://github.com/FusionAuth/fusionauth-issues/issues/743#issuecomment-664365516 will be implemented?

While this issue is documented, it not on our short-term road map at this time.

Please review our roadmap guidelines

I hope this helps on your way!

Thanks,
Josh

Referencing/linking below for future guidance for folks who view this post:

https://fusionauth.io/community/forum/topic/900/authentication-for-an-application-with-web-client-and-mobile-front-ends

@mehamm

I am working on a multi tenant guide. Thank you very much for your feedback; I'll make sure to include it.

As you continue to build out your multi tenant application, please continue to post on the forum about your progress and/or any other questions. 🙂

We often hear our multi tenant support is a differentiator for FusionAuth, and would love to make it easy/clearer for everyone.

Both the API and the UI can pull User Data.

Via API

Docs are here:

https://fusionauth.io/docs/v1/tech/apis/users/#search-for-users https://fusionauth.io/docs/v1/tech/apis/users/#elasticsearch-search-engine

Via UI

The functionality is nested under the user tab on the upper left nav.

From there click on the advanced button. From there you can enter your query in the search bar. Note: If you want to see how the query is constructed, there is also a toggle - Show Elasticsearch Query https://fusionauth.io/docs/v1/tech/core-concepts/users/#user-search can guide you through a simple user query.