The best solution is to migrate first name and last name from your previous provider.

I don’t know of any other options. Apple is stingy with those details about the user.

Yes, you can disable one or more applications.

This operation can be reversed, and while an application is disabled, login requests to fail with a 400 error for all users.

Navigate to "Applications -> Deactivate (gray button)" to disable/deactivate an application.

To re-enable it from the admin UI, you'll need to 'view inactive', which is the button next to the green '+' sign on the list applications page.

This functionality doesn't exist in the FusionAuth admin screens, please feel free to file an issue with a detailed use case if you feel it should.

For registrations, you can look at the date the application registration was created using the User Search API. You'll probably want to use a date range.

For logins, you can review and search all login records by going to "System -> Login Records". However, one could build something with more granularity using the FusionAuth APIs.

This API documents how to pull down the log in data for a given date range. This doesn't include the full user object, but does include the user id. From there you could use the user api to pull down the entire user object.

Also, please note that login records may be deleted after a certain period of time, based on your system settings. This deletion is controlled in the admin UI, under "Settings -> System -> Advanced -> Login record settings" and would impact your ability to query login data in the past if enabled.

Hiya,

Unless you want to use the premium features of FusionAuth, this usage would be allowed under the FusionAuth license and you could use the community edition to host it for free.

Here's a license FAQ that hopefully makes things more clear.

Hi @harunkilic ,

Welcome to the FusionAuth community! I am glad you like the software.

You can't create group fields. What you can do is assign roles to a group. If a user is in that group and registered for an application with those roles, they will assume the roles. For example:

User A is in Group B. Group B has roles 1, 2, and 3. Role 1 is in Application Z. Role 2 and 3 are in Application X.

If user A is registered for application X and is in Group B, they will have roles 2 and 3. They won't have role 1 because that is associated with application Z, which they are not registered for.

You can't build your own entities, though that is on our roadmap. Follow this issue to be updated on when that feature is implemented. Full transparency, it will likely be a feature limited to our paid editions; learn more about our paid editions here.

Whether groups make sense depends on a lot of things.

Some questions to consider:

Are you limiting application access by group? Are you going to be using the API to do so, or do you want to have the information in the JWTs and available after authentication? Does each company have an application? Are you going to use the hosted login pages or build your own?

I can't give extensive architectural advice, but maybe if you talk a bit more about your use case the choice will be clearer.

Yes we support this. These docs should help you through this process.

https://fusionauth.io/docs/v1/tech/identity-providers/apple/#building-your-own-integration

https://fusionauth.io/docs/v1/tech/apis/identity-providers/apple/#complete-the-apple-login

From the latter doc:

Using this API you can pass that id token returned from Apple to FusionAuth and we will complete the login workflow and reconcile the user to FusionAuth.

Reconciliation means that the user is created in FusionAuth if needed, a JWT is generated, and a login session is created as well. They will essentially look like any other FusionAuth user.

Each user is unique within a tenant by email address. If a user in the same tenant wants to login with Facebook, Google, or LinkedIn, it will be the same User object.

This exception is caused by the fact that your objects in elastic now have two different schemas (one with the number, one with the string). You need to manually fix that; one way to proceed might be to access elastic directly and remove that one user.

Then you'll need to reindex; here's more on that: https://fusionauth.io/docs/v1/tech/core-concepts/users/#reindex

That is correct. If one user logs in 1,000 times on Feb 9, 2021, it is one active user for that report. The login count report would show 1,000 (assuming no other users logged in) but the DAU report would display 1.

Hi @tweber ,

Welcome to the FusionAuth community! I hope your tire kicking has been fruitful.

Prefilling form fields isn't currently possible.

I think it'd be a great feature. Please file a feature request so we can integrate it into the roadmap.

You can use a 'soft delete'.

Whenever you delete a user with the API without using hardDelete=true, the user is not able to login, but will still be visible in the API and the management UI.

See https://fusionauth.io/docs/v1/tech/apis/users/#delete-a-user for more.

Hi @sferry ,

Welcome to the FusionAuth community!

As far as gathering up all the roles into your JWT, you should be able to do that.

Make sure that your users are registered (in FusionAuth) for all the applications to which they have access. Set up a JWT populate lambda to pull the various roles from the registrations object provided to you and put it into your JWT. You have the user object, which has the registrations object on it, which has all the roles the user is assigned at login time. More on a lambda here: https://fusionauth.io/docs/v1/tech/lambdas/jwt-populate/ Consume the JWT and check for proper authorization.

FYI, if you want architecture advice from FusionAuth engineers, that's available when you buy an edition with support included. More on technical support options here: https://fusionauth.io/technical-support/

HTH.

Dan

My guess is that this version of MySQL on Digital Ocean is using MySQL Group Replication which is not supported.
https://fusionauth.io/docs/v1/tech/installation-guide/system-requirements/#database

Group Replication performs replication under the requirement that each table have a primary key, which we do not.

You can use a managed database that uses a different strategy for replication, or use PostgreSQL.

@aivanov here's the link to create the issue: https://github.com/fusionauth/fusionauth-issues/issues

If you create this, please reference this forum post so the implementor has more context.

@hd_steve did you get this resolved?

You'll need to have some kind of mapping between the tenant/application/client_id and the referrer/hostname value.

You can maintain this in a number of places, but at some point in the code, foo.example.com needs to be turned into 9d92ca33-bc7b-4d13-acd7-f7dc06038396 or whatever the application id is. (Typically the application id will be enough if you are doing just authentication/authorization. If you are doing more user management, you may need the tenant id. The principles are the same.)

And the same thing needs to happen with bar.com.

Some FusionAuth users perform this mapping at the network proxy layer, using nginx or somethign similar. If you self host, that is an option.

You can store this mapping in your own datastore and expose this mapping as an API to be retrieved in middleware.

You can pass this data from the initial authorize request to the token retrieval request (commonly called oauth-redirect in our example apps) using the state parameter and then do the lookup there.

You can also store that value in FusionAuth on the systemConfiguration.data field.

It's really an implementation choice, but at the end of the day, there's no automated mapping between the hostname where the user facing application lives and which FusionAuth application corresponds to it.

We do have an open feature request that would do this mapping (see point 5 in this issue) but it is not on the near term roadmap.

There is no official support for Heroku at this time. Follow along on this issue (and vote it up if this is important to you) if you'd like to know when such support happens.

However, there is a community supported project with a "Deploy to Heroku" button. This is provided and tested by a community member.

You are trying delete the field, instead of just removing it from a form. You cannot delete a field when a form is using it.

If you do not want a field displayed, you must remove it from a form.

Then, if you would like to delete the field definition you may.