1. Home
  2. Groups
  3. Power User
Group Details Private

Power User

Helpful folks who know a lot about FusionAuth

Member List
  • RE: Tenant Issuer configuration might not follow the OIDC specification

    @cabaral109 @mark-robustelli after spending few hours debugging issue with openid-client I found this topic and lack of the protocol part in the issuer field to be a reason. I've just submitted the issue at: https://github.com/FusionAuth/fusionauth-issues/issues/3021

    posted in Comments & Feedback
    M
    maciej.wisniowski
  • RE: How to deal with sign-up spam?

    @theogravity-sb Hmmm. So the issue is that someone is registering with a gmail account they control but it looks like this:

    foo@gmail.com with a name of <Dan https://evil.com> which is being turned into a link?

    Or am I misunderstanding your question?

    posted in Q&A
    danD
    dan
  • RE: How to deal with sign-up spam?

    You have a variety of ways to approach this, with different tradeoffs around functionality, effort and cost. It also matters if the spam accounts are being signed up for by humans or bots.

    • use a webhook to prohibit bogus users from being created by setting the user.create webhook to be transactional. You'd then write a service that could examine the user object, including email address or other attributes, and return a non-200 value to fail their creation. Details on webhooks. This is available on the community plan.

    • use email verification to prevent spam users without an email inbox from using your application. Details on configuring this functionality. This is available on any paid plan.

    • use a self-service registration lambda, and examine the email address and other information for a user. If a user is obviously bogus or matches a pattern, you could return a message stating they can't register, or to call you for assistance. Details on using this lambda. This is available on any paid plan.

    • turn on CAPTCHA which will make it harder for bots to sign up. This requires an enterprise plan.

    posted in Q&A
    danD
    dan
  • How to deal with sign-up spam?

    I have self-service registration turned on. I am getting some valid users, but a bunch of spam accounts.

    What is the best way to deal with this?

    Thanks!

    posted in Q&A
    danD
    dan
  • RE: Unique username and email at the same time

    @kasir-barati Hiya, welcome to FusionAuth. Sorry, just ran across your forum post today.

    There is no way to assign constraints to user.data fields within FusionAuth, but there is an open issue that I encourage you to upvote.

    You can require usernames to be unique in a tenant, using the Unique usernames setting. It is, however a feature which requires a paid plan.

    Another alternative, rather than

    fetching all users and then looping over users
    would be to search for the username before creating the user. Using the search functionality that wouldn't require scanning all the users. You can use a transactional webhook to fail user creation if your uniqueness rules are not met.

    posted in Q&A
    danD
    dan
  • RE: Failure when starting FusionAuth in Docker on Mac M4

    This is due to a bug in the openjdk java library that the docker image uses. You can learn more about the bug here and track our fix (which looks like upgrading the java image our docker file users) by following this bug.

    Until then, the workaround is to pass this java argument at start time:

    -XX:UseSVE=0

    This argument disables the use of the SVE extension, which is provides "better data parallelism for HPC and ML".

    You can do that with the FUSIONAUTH_APP_ADDITIONAL_JAVA_ARGS environment variable in your Dockerfile. Here's an example:

      fusionauth:
    # ...
    environment:
      # ...
      FUSIONAUTH_APP_ADDITIONAL_JAVA_ARGS: -XX:UseSVE=0
    posted in Q&A
    danD
    dan
  • Failure when starting FusionAuth in Docker on Mac M4

    When running FusionAuth in Docker on an m4 mac, I see this error:

    # A fatal error has been detected by the Java Runtime Environment:
#
#  SIGILL (0x4) at pc=0x0000ffff8d33fc5c, pid=1, tid=21
#
# JRE version:  (21.0.4+7) (build )
# Java VM: OpenJDK 64-Bit Server VM (21.0.4+7-LTS, mixed mode, tiered, compressed oops, compressed class ptrs, g1 gc, linux-aarch64)
# Problematic frame:
# j  java.lang.System.registerNatives()V+0 java.base
#
# No core dump will be written. Core dumps have been disabled. To enable core dumping, try "ulimit -c unlimited" before starting Java again
#
# The crash happened outside the Java Virtual Machine in native code.
# See problematic frame for where to report the bug.
#

---------------  S U M M A R Y ------------

Command Line: -Dfusionauth.home.directory=/usr/local/fusionauth/fusionauth-app -Dfusionauth.config.directory=/usr/local/fusionauth/config -Dfusionauth.data.directory=/usr/local/fusionauth/data -Dfusionauth.log.directory=/usr/local/fusionauth/logs -Dfusionauth.plugin.directory=/usr/local/fusionauth/plugins -Djava.awt.headless=true -Dcom.sun.org.apache.xml.internal.security.ignoreLineBreaks=true --add-exports=java.base/sun.security.x509=ALL-UNNAMED --add-exports=java.base/sun.security.util=ALL-UNNAMED --add-opens=java.base/java.net=ALL-UNNAMED -DfusionAuthApp87AFBG16 -Xmx512M -Xms512M io.fusionauth.app.FusionAuthMain

Host: AArch64, 14 cores, 7G, Ubuntu 24.04.1 LTS
Time: Wed Jan 22 12:35:29 2025 UTC elapsed time: 0.025614 seconds (0d 0h 0m 0s)

---------------  T H R E A D  ---------------

Current thread (0x0000ffff9802c010):  JavaThread "Unknown thread" [_thread_in_native, id=21, stack(0x0000ffff9e152000,0x0000ffff9e350000) (2040K)]

Stack: [0x0000ffff9e152000,0x0000ffff9e350000],  sp=0x0000ffff9e34e000,  free space=2032k
Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code)
j  java.lang.System.registerNatives()V+0 java.base
j  java.lang.System.<clinit>()V+0 java.base
v  ~StubRoutines::call_stub 0x0000ffff8d337144
V  [libjvm.so+0x8338d8]  JavaCalls::call_helper(JavaValue*, methodHandle const&, JavaCallArguments*, JavaThread*)+0x218
V  [libjvm.so+0x80f488]  InstanceKlass::call_class_initializer(JavaThread*)+0x284
V  [libjvm.so+0x8101a8]  InstanceKlass::initialize_impl(JavaThread*)+0x528
V  [libjvm.so+0xdc7138]  Threads::initialize_java_lang_classes(JavaThread*, JavaThread*)+0xe8
V  [libjvm.so+0xdc9104]  Threads::create_vm(JavaVMInitArgs*, bool*)+0x3f4
V  [libjvm.so+0x8c68d4]  JNI_CreateJavaVM+0x80
C  [libjli.so+0x8bac]  JavaMain+0x7c
C  [libjli.so+0xc20c]  ThreadJavaMain+0xc
C  [libc.so.6+0x8597c]
Java frames: (J=compiled Java code, j=interpreted, Vv=VM code)
j  java.lang.System.registerNatives()V+0 java.base
j  java.lang.System.<clinit>()V+0 java.base
v  ~StubRoutines::call_stub 0x0000ffff8d337144

siginfo: si_signo: 4 (SIGILL), si_code: 1 (ILL_ILLOPC), si_addr: 0x0000ffff8d33fc5c

Registers:
R0=0x0000000000000000
R1=0x0000000000000000
R2=0x0000000000000000
...

    What can I do?

    posted in Q&A mac failure java
    danD
    dan
  • RE: Does FusionAuth have a health check endpoint on the API?

    As of 1.51.1, we now have a dedicated health check API endpoint:

    https://fusionauth.io/docs/apis/system#retrieve-system-health has more details

    posted in Q&A
    danD
    dan
  • RE: Does FusionAuth use Apache Struts - vulnerability scanning issue

    Hiya @maciej-wisniowski !

    We do not use Apache Struts in FusionAuth.

    Hope that helps.

    posted in General Discussion
    danD
    dan
  • RE: Password confirmation for authenticated users

    @pacheco-eaguiar maybe you can use the Login API in the backend to verify user's credentials: https://fusionauth.io/docs/apis/login

    posted in General Discussion
    M
    maciej.wisniowski