RE: The request origin could not be verified. Unable to complete this login request with same-instance cross-tenant IdP federation

@hvfa At first glance this looks like a domain issue. Can you share an example of how your Authorized redirect URLs and Authorized request origin URLs are set up in relation to the applications. Please feel free to use example domains like https://domain1/ or https://domain2 and so on. It may also be useful to give the other OAuth settings for the applications as well (be sure to redact or obscure and sensitive information).

This is totally possible.

You want to start by understanding FusionAuth passkey setup and the normal flow.

Then, in your application, probably using one of the client libraries, you want to do the following for a user:

• see if a user has a passkey set up, using the "retrieve a passkey" API. If this returns 0 passkeys, show the prompt.
• for the prompt, you have two options:
  • use the API/client library to start the passkey registration process from within your application directly
  • send them to the user management page to add a passkey (requires a paid license)

The right way to do the latter depends on your application needs (are you okay with a redirect) and whether or not you have at least a starter license.

For reporting on the number of users that have set up passkeys, unfortunately you have to query all your users and then pull the passkey data individually. There's no way to use the elasticsearch syntax to do the query as of yet. There's an open github issue to add that functionality.

I have an application using FusionAuth, and I want to prompt my end users to set up passkeys. Having this authentication method will improve their security and ease their future logins.

I know I can enable passkeys for FusionAuth using the community edition license, but how can I add a prompt in my application code/UI to have them set it up?

@ralph Thanks for following up and sharing!

@ralph Are you getting the same errors? I did see a reference to trying pg_dump vs pg_dumpall. Can you try that and let us know if it works?

@james-hudson You may want to check out this blog post. Hopefully that can help.

@scottw Hopefully, I can get a little time over the next couple of days and see if I can duplicate it. I will let you know if I find anything. Anyone else seeing his behavior?

@rgros Do you have Debug enabled?

Then you should check your Event Log.

Let us know what you find.

@david-cuen Thanks for your patience and dedication to seeing this through. It would help a ton if you could find something reproducible. Let me know what you find and I can continue to try it on this end.

@david-cuen This is really weird. I was not able to replicate it. There is one more thing I may try later if I get some time. That is to make one template that big and try that.

In the mean time, I went back to look at the error message. "Premature EOF" and the fact that it was working on a windows box has be back to believing that a funky character or something is causing the error on the linux box. I wish we could narrow it down. Have you tried to install into another linux environment, EC2 for example, and see if you get the same issue? (That may tell us if it is a linux thing or if it is your one specific environment.) Also, someone mentioned to ask if you have any proxies running in front of FusionAuth?