We just published a flutter tutorial that might be worth reading: https://fusionauth.io/blog/2020/11/23/securing-flutter-oauth/

If this is a new install, this is expected. During startup, FusionAuth goes into maintenance mode and reports back on the state of the system.

If you are in silent mode, the index will be created for you, if you are not in silent mode, FusionAuth will have entered an interactive startup mode and it is sitting on a prompt for you to create the Elasticsearch index.

More on silent mode.

@aartiyadavpersonal said in Advice in Python Flask Framework:

flask framework based projects?

Here are a few of them:

Weather App using Flask Full Stack Social Network App Portfolio Website using Flask Rest API with Flask Feedback Form using Flask Deploy Machine Learning Models using Flask Blog App using Flask

Also, you can start with these tutorials.

Hiya,

We don't guarantee any database level compatibility (which is why we recommend doing everything through the API, which does have those guarantees).

But here's an option. I'm assuming you are using MySQL. FusionAuth uses UUIDs for unique Ids, and in MySQL we store these as BINARY(16).

If you want to select this value in a human readable form, you can perform a select such as SELECT HEX(id) FROM table_name.

If you want to select this column and deserialize it into a Java UUID type, you can use code similar to the following:

public UUID fromByteArray(byte[] ba) { long msb = 0; long lsb = 0; for (int i = 0; i < 8; i++) { msb = (msb << 8) | (ba[i] & 0xff); } for (int i = 8; i < 16; i++) { lsb = (lsb << 8) | (ba[i] & 0xff); } return new UUID(msb, lsb); }

Another option, depending on your data size, would be to export all the data using the relevant APIs, and import it into your analytics database.

No, we are not currently ISO 27001 certified. We are currently progressing toward SOC2 certification. You can see more about standards and compliance here: https://fusionauth.io/features/security-data-compliance/

If you choose this edition, you are charged the monthly fee for the lifetime of the application. The pricing calculator reveals what expected costs are.

Having this edition enables access to the premium features currently available and any other premium features developed in the future.

You are, of course, able to change editions if your needs change.

This should work. (For example, 1.20.1 fixed an issue with the twitter api not firing: https://github.com/FusionAuth/fusionauth-issues/issues/937 and I'd expect Facebook to work as well.)

Can you please share more details about your configuration?

what version of FusionAuth are you running how did you set up your webhooks? does the 'send test webhook' work? do any webhooks fire for any events at all? does any social login fire the user.create.registration webhook?

If you use the advanced registration forms, you can edit user data now. This was recently released as a premium feature (requiring a paid license; more info here).

More info on setting up the user data editing screen: https://fusionauth.io/docs/v1/tech/guides/advanced-registration-forms/#editing-user-data-in-the-admin-ui

We have users that have been successful in configuring with AD v2. We have not yet tested or updated the documentation.

This may be helpful. https://github.com/FusionAuth/fusionauth-issues/issues/855

This is configurable. Go to https://fusionauth.io/docs/v1/tech/core-concepts/tenants/#jwt (though the screencaps are a bit out of date) but you’ll go there in your instance.

You’ll see refresh token settings.

If you’re using a fixed expiration, then it never expires based on last usage, but just based upon time since it was issued.

If you’re using a sliding window expiration, then it will expire based upon the time since it was last used.

@jbradford Another option, is if you're on the login page, you can add &showPasswordField=true to the URL and that should render the login form with the option to add a password.

Related GitHub issue: https://github.com/FusionAuth/fusionauth-issues/issues/995

I get an email that does not correspond to the application that initiated

Can you provide the applicationId when you initiate the forgot password flow?

I will just toss out some thoughts I have on in-house solutions:

It will probably take about 8-12 months total to fully implement and test a custom IdP with OAuth, OIDC, SAML, etc. (plus ensuring it is FIPS or SOC2 compliant) You’ll have to pen test regularly You’ll probably need a security audit on it yearly You’ll need to engage security researchers to continuously audit your code, APIs, etc. (pen testers are fine but security researchers find things pen testers don’t) You’ll need to monitor CVEs and new exploits to ensure you are safe (at the network, server, and app levels) You’ll need to maintain it for as long as it is in use You’ll need to keep it compliant with new specifications and security standards

Undertaking these tasks can work for some teams, but walk into it with eyes wide open. Nobody likes to have their auth credentials stolen, and you need to spend time and money to prevent it.

More here: https://fusionauth.io/upgrade/from-homegrown/

Hi @curtis-ruck ,

I think this would be a couple of new features:

detecting need for password change (and informing the user) allowing the user to change their password in ldap through FusionAuth

Would you mind filing them here? https://github.com/fusionauth/fusionauth-issues/issues

Or, if you have a support plan, please file a ticket here: https://account.fusionauth.io/account/support/

Hiya,

I think we'd need a bit more information to help debug the situation. Useful info to share:

What you are trying to do, specific step by step of clicks you make, APIs you’ve called, configuration you have, things you’ve changed, etc. More information is better. For example, what you are seeing, specific panels in the UI, API status codes, errors, screenshots, etc. We want all of it. What you expected to see. Sometimes this is obvious, and sometimes it isn’t. Err on the side of over sharing. What you've tried already. Sometimes this can help us narrow down the issue more quickly. The version of FusionAuth you are using (this information is available on the admin screen in the lower left hand corner). The number of FusionAuth nodes you are running in your deployment. Information about supporting infrastructure such as the database and elasticsearch, including the version and architecture (is the database local, cloud managed, etc). All FusionAuth log files you can provide. Please don't provide snippets because often the issue won't be in the snippet but somewhere else in the logs. Providing us with complete log files upfront helps us track down issues faster. And you'll avoid getting replies like "please send the complete log files". Of course, please remove any sensitive information from the log files.

Yes, you can have FusionAuth simply federate identity and not hold anything permanent in its own datastore. SSO should work in that case.

Two options:

If your existing user store can speak SAML or OIDC, you should be able to use an identity provider https://fusionauth.io/docs/v1/tech/identity-providers/ You would need to modify the theme and you'd probably want to use a hint. If your existing user store can speak LDAP or a JSON API, you can use connectors without migrating (this is a feature for which you must buy at least a developer license, starting at 125/month, more here: https://fusionauth.io/pricing/ ). Here's more on connectors: https://fusionauth.io/docs/v1/tech/connectors/

In both these cases, FusionAuth communicates with your userstore through some kind of facade, not directly with the database. Such direct database access isn't supported.

I'm not sure how this will work for all aspects of FusionAuth (password expiration, passwordless, etc) but for the main login flows it should work great.

@dan Gotcha! Thanks for pointing that out in the docs. I think for now I will handle limiting the search in my app's business logic because I can't justify the Elasticsearch overhead just yet - but I'll keep the option in mind. Thank you!

Works perfectly. Much appreciated!

Hiya,

I'm not sure, haven't done much with k8s. From a quick google, it looks like you might use helm upgrade?

https://helm.sh/docs/helm/helm_upgrade/

For exporting changes, it depends on how you make the changes. There's a community supported terraform module, but it doesn't cover all the apis (PRs welcome!).

You could also script all your changes using the API and apply those scripts to different environments. We mostly see folks writing migration scripts that call the APIs. These are very similar to database migration scripts except they make REST calls instead of SQL. The scripts are run during upgrades of their app. (If you are using an app like rails, you could even leverage the existing migration framework and a client library.)

Kickstart works well for dev envts and CI, but doesn't handle changes (it assumes there is no data in fusionauth and won't run if it sees any).