An FYI for anyone reading this in the future. The kafka integration does have been revised and include a docker based example.
-
RE: Looking for docs on configuring webhook for kafkaposted in General Discussion
-
RE: Having an issue with nginx in front of FusionAuthposted in Q&A
Ah, the answer is that Nginx defaults to HTTP/1.0 and if you are on a recent version of FusionAuth, this protocol is not supported by our HTTP server (HTTP 1.1 was, after all, released in 1997
).The remedy is to update your Nginx configuration to use a later protocol with this change:
proxy_http_version 1.1;Hope that helps.
-
Having an issue with nginx in front of FusionAuthposted in Q&A
I use FusionAuth with nginx as a reverse proxy in front of it. After upgrading to version 1.41, I see this error message:
2022/11/28 01:59:25 [error] 28#28: *1 upstream prematurely closed connection while reading response header from upstream, client: 192.168.0.1, server: , request: "GET / HTTP/1.1", upstream: "http://192.168.0.2:9011/", host: "localhost"This was working before I upgraded. I was using version 1.36 before.
-
RE: Blocking domains from registrationposted in Q&A
the built-in domain blocking is documented here: https://fusionauth.io/docs/v1/tech/advanced-threat-detection/#registration-domain-blocking
However:
- It only blocks specific domains so you can't block 'all domains except '
- It requires an enterprise license
As an alternative, consider a registration transactional webhook which could examine the domain provided by a user and fail if it didn't match a list of your domains: https://fusionauth.io/docs/v1/tech/events-webhooks/events/user-registration-create
-
Blocking domains from registrationposted in Q&A
How to restrict registration by email domain ?
I seen "Blocked domains" in the Tenant Security settings but I would like to deny all domains except some client domains?
from https://github.com/FusionAuth/fusionauth-issues/issues/31
-
RE: Migrating from mysql to postgresqlposted in Q&A
Thanks for the update. We're bummed that we can't include the mysql connector as part of the docker image.
If FusionAuth is stuck in maintenance mode, this thread might prove useful: https://fusionauth.io/community/forum/topic/135/can-t-get-by-maintenance-mode
Can you give me any more details about the issue?
-
RE: Pending link with manual completionposted in Q&A
@justing said in Pending link with manual completion:
I want to allow a logged in user to link with a third-party identity provider so my app can get a token for that provider.
I'm not sure I understand.
Say you are using the OIDC identity provider. You want your user to log in with OIDC, and later be able to get am access token.
If that is what you are trying to do, you can use the normal linking strategy (link on email) and a long lived refresh token will be stored on the link object.
From https://fusionauth.io/docs/v1/tech/apis/identity-providers/openid-connect
FusionAuth will also store the refresh_token returned from the external OpenID Connect provider, if such a token is provided, in the identityProviderLink object. This object is accessible using the Link API.
Later, in your app, you can then retrieve that token for the user using the Link API, present the refresh token to the OIDC provider and then get your access token.
Each identity provider tries to store a long lived token, but they all differ slightly in terms of what is available. Consulting the API documentation is your best bet.
Pending links are used when you are trying to link a fusionAuth user user with an account managed by an idp, but you don't have a convenient way to tie them together (like an email address or username that is the same in both systems).
Does this help?
-
RE: Password change deletes sessions?posted in Q&A
@trevorr said in Password change deletes sessions?:
If possible in the future, it would be great to be able to control that per-password change. It's the right behavior for changing a potentially compromised password, but not for setting an initial password. Of course, my app could also revoke the refresh tokens explicitly.
Makes sense. Please feel free to open an GitHub issue outlining your use case: https://github.com/fusionauth/fusionauth-issues/issues
-
RE: Password change deletes sessions?posted in Q&A
@trevorr Hiya!
It is a setting on the tenant, the
Refresh token revocationfield.It's documented here: https://fusionauth.io/docs/v1/tech/core-concepts/tenants#refresh-token-settings (look for a couple of checkboxes, and uncheck 'on password change'. There's a corresponding setting in the Tenant APIs: https://fusionauth.io/docs/v1/tech/apis/tenants :
tenant.jwtConfiguration.refreshTokenRevocationPolicy.onPasswordChanged.Thanks for using FusionAuth. Hope FitFinder is going well!
-
RE: where did the dashboard go?posted in General Discussion
@richb201 Heya, you need to start or install FusionAuth. It's a program like MS Word or your web browser. If you haven't used it in a while, it might be stopped.
How you start it depends on how you installed it. https://fusionauth.io/docs/v1/tech/installation-guide/ has some of the methods.