• RE: Is it possible to limit the number of devices a user can login with?

    This might be useful for visitors in the future: https://fusionauth.io/docs/extend/examples/device-limiting

    posted in Q&A
  • RE: how to implement user invitation

    Hiya @kasir-barati ,

    You can certainly use just a subset of known invite codes. In that case, no need to store the codes on the user.

    Instead, add an array of codes in the self-service registration lambda and have a step check to see that the user-provided code value matches one of the known values in the array.

    posted in Q&A
  • RE: how to implement user invitation

    This isn't out of the box, but is relatively easy to implement.

    • After each user is added successfully, create a list of codes in their user.data.inviteCodes field (which can be an array). It's a good idea to have the codes be alphanumeric because FusionAuth's Elasticsearch indexing handles those types of values best. Let's call this user the inviter user. Make sure each code is unique across all users.
    • When a user tries to register with a code, let's call that user the invitee user.
    • Build a page in your application to display the list of user.data.inviteCodes to prospective inviters.
    • Create a custom registration form and have one of the fields be an invite code, to be provided by the invitee user (because they got it from the inviter user).
      • You could prepopulate this via a link by customizing the theme and having JavaScript pull the value from a query parameter and put it into the form.
    • Create a self-service registration validation lambda.
    • In that lambda, search for the code.
    • If it is not found, add an error. This error will prevent the user from registering.
    • If it is found, take the following steps:
      • Allow the registration to succeed.
      • Add a webhook to listen for the create user event, which reads the invitation code.
      • From the webhook, update the inviter user to remove the used code from the user.data.inviteCodes, which means that code can't be used by future invitees.
      • That same webhook can update the invitee's user.data.inviteCodes field so that they can now become inviters (or maybe that happens later, depending on business logic).

    If invitees use the same code within the time period in which the Elasticsearch index is updated (usually 1 second), there may be a race condition that would allow two invitees to register with the same code.

    If absolute isolation in the invite code processing is important, use Lambda HTTP connect in the self-service registration validation lambda to check if a code is valid, and have that read from an RDBMS.

    In this case, you'll need to provide the code and the inviter email address in the form so the lambda can provide it to the API. These fields can both be hidden.

    You can also consider adding an expiry timestamp to the user.data.inviteCodes if that functionality is needed.

    Here's an example of the user.data.inviteCodes value:

    "inviteCodes": [
      {
        "invcode": "abc123",
        "exp": 1712679467
      },
      {
        "invcode": "234jklasdf",
        "exp": 183678467
      }
    ]
    

    And here's an example of a queryString that will pull the user with the abc123 invite code, or return zero records if that is not found.

    data.inviteCodes.invcode:abc123
    

    Read more about elasticsearch arrays.

    posted in Q&A
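
A sketch of the check-and-consume step described in the post above, added here as an example and not FusionAuth's or the poster's code. The in-memory Map stands in for the RDBMS, and `buildStore`, `redeemInvite`, the `context` fields, the `user.data.inviteCode` field name and the field-error layout are assumptions made for illustration.

```javascript
// Added example: single-use invite-code check with expiry. Not FusionAuth's code.
// Assumptions: the Map stands in for the RDBMS mentioned in the post;
// buildStore, redeemInvite and the error code strings are hypothetical names.

// Constructed sample data in the shape of user.data.inviteCodes from the post.
const SAMPLE_INVITERS = [
  { email: 'inviter@example.com',
    inviteCodes: [{ invcode: 'abc123', exp: 1712679467 },
                  { invcode: '234jklasdf', exp: 183678467 }] },
];

// Index codes by value so a lookup never depends on a delayed search index.
function buildStore(inviters) {
  const store = new Map();
  for (const u of inviters) {
    for (const c of u.inviteCodes) store.set(c.invcode, { exp: c.exp, inviter: u.email });
  }
  return store;
}

// Check and consume in one step: the first caller removes the code, so a second
// registration with the same code is rejected instead of racing the cleanup.
function redeemInvite(store, code, nowSec) {
  const wellFormed = typeof code === 'string' && /^[A-Za-z0-9]{1,64}$/.test(code);
  if (!wellFormed) return { ok: false, reason: 'malformed' };
  const entry = store.get(code);
  if (!entry) return { ok: false, reason: 'unknown' };
  if (entry.exp <= nowSec) return { ok: false, reason: 'expired' };
  store.delete(code);
  return { ok: true, inviter: entry.inviter };
}

// Shaped like a registration validation lambda: a failed check adds a field error.
// The result.errors.fieldErrors layout and the context fields are assumptions.
function validate(result, user, registration, context) {
  const code = user && user.data ? user.data.inviteCode : undefined;
  const outcome = redeemInvite(context.store, code, context.nowSec);
  if (!outcome.ok) {
    result.errors.fieldErrors['user.data.inviteCode'] = [
      { code: '[' + outcome.reason + ']user.data.inviteCode', message: 'Invite code not accepted.' },
    ];
  }
  return outcome;
}
```

Against a real database the same single step would be one conditional delete whose affected-row count decides the outcome.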
  • how to implement user invitation

    I have an application that I want to invite users to and want users to be able to invite users to. I do not want to allow users to register for this application without being invited.

    I've seen: https://fusionauth.io/community/forum/topic/935/how-to-implement-user-invitation but was wondering what the current best practice is.

    posted in Q&A
  • RE: Random Unavailability of Dedicated FusionAuth Instance from GKE (Impacts Site Availability)

    @jacob-0 Sorry to hear you are having issues. Thank you for the detailed post explaining it. Unfortunately, random unavailability can be very difficult to troubleshoot.

    Based on your explanation, it seems as though the instance is available from outside the GKE cluster. Could this be an issue with one of the pods going down and being restarted and the internal networking not recognizing the change? I don't quite see how it would still work from the outside, but is there any evidence of pods restarting around the down time?

    posted in General Discussion
  • RE: Performance issues when retrieving applications

    @yuriy-barvenko Performance tweaking can be tricky. It really depends on what your goals are. If you create indexes to improve searching things, it could slow other things down like the login. It may also depend on which database you are using. What DB are you using? What is the purpose of the information you are trying to get? Does it have to be real time? Are there alternatives like data dumps that you could use? Also, you say "the response times are significantly higher than expected." What is this based on? How many users and roles do you have in the system and what is the expected response time? What is the requirement for response time vs what is expected?

    posted in Comments & Feedback
  • RE: Access redirect_uri from accountTwoFactorIndex

    @bill-yudichak Can you please get us a little more detail. A screenshot may help. I do not see a "Go Back" link when I enable multi-factor for my app. Also, what is the accountTwoFactorIndex template you are referring to?

    posted in Q&A
  • RE: Connector not persisting claim

    @helzgate I was focusing on your issue with the lambda not firing. You are correct in that you do not have access to the url in the lambda.

    Let's take a step back here and take a look at the connector. Can you tell me how that is set up and what values are being returned from it? I'm thinking you may be able to add the return_url in the values returned from that.

    posted in Q&A
  • RE: Connector not persisting claim

    @helzgate Just to verify, is this a JWT Reconcile lambda (you may need to try External JWT Reconcile as well depending on what you are doing)? And you have it assigned to your application?

    Beyond that, I think I need a little more detail on exactly how you have things set up. What are you trying to migrate from? That sort of thing.

    posted in Q&A
  • RE: Back to maintenance mode

    @marshsouvlakia What version of MySQL are you running? Were there any updates recently? Anything that may have changed from when it was not working to now? Have you tried a restart?

    posted in Q&A