RE: Implementing GitHub-like "Personal Access Tokens"

@mou I don't think there is anything that would allow you to create a personal access token as you are describing it. You may be about to "workaround" that by managing the token a bit. Since the user has to login to get the token, you could get the personal token and embed the user name. i.e. on the getoken your code could get the token for the user and then append the email before you sent it to the client. It would look something like:

user:john@example.com

Get Token -> x12345y

Append User: john@example.com:x12345y
base64 encode: IGpvaG5AZXhhbXBsZS5jb206eDEyMzQ1eQ==

give that to the user, then in your app, when you receive it, base64decode it, giving you the username and token for the user.

Is that something that might work for you?

@mou Did you get to the bottom of that page? (Enabling Authentication Tokens and Generating Authentication Tokens). Those are per user. Is there a reason this won't work?

I did see this note that might help your use case.

Note that you must provide a valid API key unless you’ve also unchecked the Require an API key setting in the Login API Settings.

@hendrik-ebbers I am a little confused on the ask. I'm a little confused on your ask. It sounds like you want a user to be able to log into a webpage and then be able to call your apis? Would they call the apis from an interface you provide in the web application or from some other application?

@mou, Is this what you are looking for? https://fusionauth.io/docs/lifecycle/authenticate-users/application-authentication-tokens

@gean-ivamoto Hmm. Seems like a good feature request. Can you please file one here: https://github.com/FusionAuth/fusionauth-issues/issues/

@brad Interesting. The error message Connection is not available, request timed out after 155614ms makes me suspicious, but I hear you.

I'm not familiar with the performance characteristics of Aurora, to be honest. We definitely have some folks running FusionAuth with that as their database, but it isn't typical and is not listed as a supported database.

You could try tweaking some of the database connection pool settings mentioned here: https://fusionauth.io/docs/reference/configuration

I'd also suggest googling around to see whether anyone else has issues with Hikari (our connection pool software) and the version/engine of Aurora that you are using.

Finally, if you have a plan that includes engineering support, I'd encourage you to open a support ticket.

Roles are associated with applications and users, whereas grants are associated with users and entities.

To find all users with role X or grant Y, you'd need to make two different search calls like this:

By Entity

GET/api/entity/grant/search?entityId={uuid}

By User

GET/api/entity/grant/search?userId={uuid}

You don't need to maintain a separate database.

Here's an example of a grant search for a user: https://fusionauth.io/docs/apis/entities/grants#search-for-grants

If you search for the string Example JSON in the page you will also see the link to Entity APIs

Hi @brad ,

From here, it looks like the database was unavailable or FusionAuth ran out of connections.

@brad said in FusionAuth server completely locked up:

Caused by: java.sql.SQLTransientConnectionException: HikariPool-1 - Connection is not available, request timed out after 155614ms.

This can be caused by lambdas or connectors that are too slow to respond or are blocked from responding. It also can happen if FusionAuth is under extreme load and the database is undersized.

@kasir-barati Makes sense. Thanks for the feedback!

@kasir-barati Can you be more specific about your question?