@cyrill-lippuner PR here: https://github.com/FusionAuth/fusionauth-site/pull/544

Thanks for the feedback!

How would I do this kind of search for users within a Postgresql database, I'm not using ElasticSearch.

Sorry, you cannot.

Unfortunately you can't search beyond fuzzy matching on the parameters listed in the database search documentation. If you have advanced search needs, we recommend running elasticsearch, which is extremely powerful and flexible.

Here's a tutorial on switching search engines: https://fusionauth.io/docs/v1/tech/tutorials/switch-search-engines/

No, Kickstart must be run on a pristine system. Please feel free to file an issue suggesting that functionality, though: https://github.com/fusionauth/fusionauth-issues/issues.

Yes.

The only thing you can't create via the API is another API key. You can track that functionality on this issue.

See the tenant documentation for more.

FYI a lot more FusionAuth Cloud details are available in the cloud installation guide.

FYI a lot more FusionAuth Cloud details are available in the cloud installation guide.

Darn API key permissions!!

shaking-fist.png

Thanks for trying out FusionAuth. The account management is mostly self service. If you log into your FusionAuth account you will find your deployment under the Deployments section.

https://account.fusionauth.io/

You should see an action on the deployment table to Destroy the deployment. This action will delete your FusionAuth Cloud instance and pro-rate a refund back to credit card.

If you are using Elasticsearch yes..

If you want to search for a username in a particular registration (for a particular application)

{ "bool" : { "must" : [ { "bool" : { "must" : [ { "nested" : { "path" : "registrations", "query" : { "bool" : { "must" : [ { "match" : { "registrations.applicationId" : "3c219e58-ed0e-4b18-ad48-f4f92793ae32" } }, { "match" : { "registrations.username" : "bob" } } ] } } } } ] } } ] } }

Where the value for registrations.applicationId is the Id of your application and the username you are looking for is bob.

If you only wanted to search for a user with a username of bob you could just search on registrations.username:bob - but this would not limit the search to any particular application registration.

Yeah, that was it... I guess it was already late 😉

Two issues with the code snippet that are worth exploring:

hardDelete is supposed to be a query param

Delete requests should not have body in the request.

Find out more in the documentation for the User API

the difference between a JWT/access token and a refresh token is that a refresh token can be revoked. Every time you present it to the Identity Provider/OAuth server, the OAuth server can check to see if the user has been banned, signed out or otherwise invalidated that token. (You can revoke a JWT, but it's a pain, typically.)

A refresh token is an engineering tradeoff. Without refresh tokens, you would have two unappetizing alternatives:

an access token that lived for a long time. In this case, if the access token is stolen, the attacker has a lot of time to access systems (or you need to have some kind of access token revocation strategy, which degrades the value of stateless access tokens). requiring the user to sign in every time the token expires. That gets old if the lifetime of the access token is minutes or hours. I even get annoyed every time Google asks me to re-sign into gmail, which only happens every week or two.

The spec requires a client to explicitly request a refresh token. With FusionAuth you have to request the offline_access scope (which is common for other auth providers, but I wasn't able to find it in the RFC), so it's a way to offer more flexibility.

Hi @lucas-loreggia,

Unfortunately, this is not yet an option within FusionAuth but there is an open issue! See current discussion under issue 91. Please note, that the issue does document a workaround, using the API.

I should also point out, while not specifically the use case you are asking for here, we do have the ability to form roles, as mentioned at the bottom of the issues post.

I hope this helps!
Josh

There's additional localization and internationalization doc that was written recently here: https://fusionauth.io/docs/v1/tech/core-concepts/localization-and-internationalization/

There's additional localization and internationalization doc that was written recently here: https://fusionauth.io/docs/v1/tech/core-concepts/localization-and-internationalization/

There's additional localization and internationalization doc that was written recently here: https://fusionauth.io/docs/v1/tech/core-concepts/localization-and-internationalization/

Huh, yeah, that is weird. Not sure why there isn't a solid OIDC implementation for passportjs.

You could use the FusionAuth typescript client. It's open source; here's the github repo.

FusionAuth should be OIDC compliant so any NestJS example application that works with OIDC should be fine. Here are some posts to review:

https://sdoxsee.github.io/blog/2020/02/05/cats-nest-nestjs-mongo-oidc.html#add-oidcstrategy https://github.com/Finastra/finastra-nodejs-libs/tree/develop/libs/oidc https://github.com/panva/node-oidc-provider (a node OIDC provider)

As for why you might want to avoid okta, I would just advise looking at the pricing page before committing. 🙂

Hi @john-mooney!

My experience is limited in regards to an Azure cloud deployment, but I will try and assist as best able. I do have a few questions to ask to better understand your issue.

Do you happen to have any other logs which are outputting errors? If you had full logs of the database, app service, or anything else pertinent, that might be helpful in debugging. Do the logs show that all of your database connections are queued? There is a db connection pool that should be available, but if every connection is queued up/waiting, that might be telling. Does this happen only during certain times of the day and not others? At specified intervals? Under high demand/peak demand? How many active and total users do you have on this system? How many active and total tenants do you have on this system? How are you connected to your database? Azure lists a few different ways to configure a PostgreSQL server (server, flexible, hyper-scale). Additional details about your configuration could prove useful. Any other pertinent details about your network configuration and architecture could prove useful here. Are you setting any FusionAuth environment variables, if so which ones?

Thanks,
Josh

There are a number of things that might be causing this.

One thing to check is to see how many logs, debug, and other records your installation is holding on to. This can be reviewed by clicking under Setting -> System

I have attached a screenshot for your review.

logsettings2.png
logsettings.png

Finally, it might be useful to review your system architecture to ensure it is sized appropriately for the number of users you are hosting.

I hope this helps!

Thanks,
Josh

That is weird. It looks like the hikari pool is losing the connection to the database, which then means that the node can't check in, so it then gets killed.

I'm not sure why the pool would be losing the connection; hard to know what is happening.

If you have detailed repo steps (which it sounds like you do), please file a bug in the github issues.

I will say that kubernetes is being run by plenty of our customers and I haven't heard of this issue before, but would love to get to the bottom of this.