Thanks for the question. If I am understanding correctly, if you are expecting a certain attribute to be returned in an AuthN response, this would require additional configuration on the part of Google. Is there a configuration tool on that side to add an additional attribute to be sent in an AuthN response?
Thanks,
Josh
Hi @josh-dura -
Is this still an open issue for you? The event logs are stored in the DB, so you should be able to access them by navigating in the admin UI ( system > events log ) to get a better idea of what might be occurring.
Thanks,
Josh
Can you please provide some context as to what you are looking to achieve?
Are you storing this data on the user.data.* fields? How are you storing this data/arrays programmatically?
Thanks,
Josh
Hi @cgonzalez
Can you confirm how quickly you are completing the exchange for a token using the code?
"auth_code_not_found"
The code may not be available if:
Thanks,
Josh
@tashi This failure is related to how you are asking FusionAuth to complete the login.
For apple, you must complete a hybrid grant.
At a high level, here is how you will use the FusionAuth IdP Login API with Apple when you are not using our hosted login pages.
Please also note that Apple has a separate configuration for Web and Mobile-based authentication. There are a few open issues that may be worth reviewing as well and could be influencing the behavior you are seeing
Josh
@markdoner27 This is a far-reaching question. Please feel free to post your question specifically as it relates to FusionAuth and we may be able to provide additional feedback.
-Josh
Just checking in, albeit a bit later than anticipated. Was this resolved for you on the latest version of FusionAuth
-Josh
This can be solved by using client-side validation in your theme for the corresponding forgot password page. On the authorize page you would pull in JS to check the users email in any manner you see fit.
https://fusionauth.io/docs/v1/tech/apis/themes
https://fusionauth.io/docs/v1/tech/themes/
Josh
@justing said in Pending link with manual completion:
I want to allow a logged in user to link with a third-party identity provider so my app can get a token for that provider.
I'm not sure I understand.
Say you are using the OIDC identity provider. You want your user to log in with OIDC, and later be able to get am access token.
If that is what you are trying to do, you can use the normal linking strategy (link on email) and a long lived refresh token will be stored on the link object.
From https://fusionauth.io/docs/v1/tech/apis/identity-providers/openid-connect
FusionAuth will also store the refresh_token returned from the external OpenID Connect provider, if such a token is provided, in the identityProviderLink object. This object is accessible using the Link API.
Later, in your app, you can then retrieve that token for the user using the Link API, present the refresh token to the OIDC provider and then get your access token.
Each identity provider tries to store a long lived token, but they all differ slightly in terms of what is available. Consulting the API documentation is your best bet.
Pending links are used when you are trying to link a fusionAuth user user with an account managed by an idp, but you don't have a convenient way to tie them together (like an email address or username that is the same in both systems).
Does this help?
@trevorr said in Password change deletes sessions?:
If possible in the future, it would be great to be able to control that per-password change. It's the right behavior for changing a potentially compromised password, but not for setting an initial password. Of course, my app could also revoke the refresh tokens explicitly.
Makes sense. Please feel free to open an GitHub issue outlining your use case: https://github.com/fusionauth/fusionauth-issues/issues