RE: OAuth Complete Registration functionality breaks the authorization flow after upgrading to version 1.59.1

@atabakov Can you please share the settings for the application in that Admin UI? Please do not include any secrets.

As of 1.59.0 this is possible but it is slightly unintuitive how to do it. It’s entirely driven by the form being used. Here's how to do it:

• create a new user admin form: https://fusionauth.io/docs/lifecycle/manage-users/admin-forms
• make sure you omit the 'password' field from the form
• assign the form to your tenant
• create a new user

You can also create a user directly via the API with no password.

This functionality is now present in FusionAuth as of 1.59.0.

https://github.com/FusionAuth/fusionauth-issues/issues/484 is the tracking issue.

Yes, I believe so.

It appears that connecting MitID to an application (also called an SP) requires utilizing an approved broker. A broker is essentially an OIDC connector.

Here is a list of official brokers: https://www.mitid.dk/en-gb/broker/current-brokers/.

We haven’t tested this, but based on reviewing Signicat’s OIDC documentation, the process seems fairly straightforward. They are one of the MitID brokers.

Does FusionAuth support MitID which is a national digital id for Denmark?

@francis-ducharme-0 You may have to parse the json returned from the get and modify a few things. Does the application get created but not work or does the application not get created? I would think you would need to take the relevant parts from the returned application then create the application under a new tenant? Remember you will have to use the new TenantId in the Request Header. If you are not supplying the TenantId, it will use the default.

On a side note: If you are still interested in a duplicate application across tenant feature in the API, you might want to put a request in.

@sergey_smirnov, it is awesome that you are able to follow and create steps to replicate the issue. To be 100% I'm not sure if this is a bug or a feature request. If FusionAuth is not behaving as you would like it, I would suggest opening an issue on Github. Be sure to include the details and repeatable steps.

@francis-ducharme-0 Hey, after taking a look, it seems the only way to do it is to get the application you want to use, parse the JSON for the things you want to keep and then format new json for the create. So you can do it, it is just going to take a little extra work. Sorry for the inconvenience.

I'm not sure exactly what you are trying to accomplish, but have you checked out Universal Applications? A bit more documentation on them is available here.

@francis-ducharme-0 I was unable to tinker with this last week, but didn't want you to think I forgot about it. It is still on my list when I have some availability. Will post if/when I find something.

@michaelgaffney278 Is there a reason you would like to keep the existing users on the old hash? It doesn't seem like it. If you would like to rehash all users when they login, please check this out. It talks about rehashing all passwords for a custom hash, but if you select an existing hashing scheme, it should convert it as well. Is this what you are after?

I would think you could migrate all the existing users with your custom hashing, then at some point switch the hash setting and be where you want.

I would test this out before trying in production, but it may do the trick.