Here's the PR making the doc better:
-
RE: OAuth introspect endpoint works only with the credentials of the creator of the access token being verified
Also, why doesn't FusionAuth expose the default signing key, HS256, at http://localhost:9011/.well-known/jwks.json?
@fusionauth-qhj5e We don't publish the HMAC key to JWKS.json because if we did, anyone would be able to find it, and sign JWTs as your FusionAuth installation. HMAC keys should only be used when both parties can share a secret.
I'll update the docs to make that clearer. Sorry!
https://fusionauth.io/docs/lifecycle/authenticate-users/oauth/endpoints#json-web-key-set-jwks
-
RE: Changes not being applied
@sspinn Hiya, I'm in the admin console pretty regularly and haven't seen this behavior.
Can you narrow down the replication steps so we can try to recreate?
Which version of FusionAuth you are running and what database you are using will also be helpful.
-
RE: Can you move users from one tenant to another?
Another option that works as of today is to set up a tenant to tenant connector.
Add a connector to the new tenant. Point it at the /api/login endpoint of the old tenant, including an API key as a header.
Change your app to send everyone to a new application in the new tenant.
When the user logs in to the new application, if it is the first time they've been seen, the old tenant data, including password, will be queried. The password hash will be transparently migrated to the new tenant.
This slow migration takes time, but is another option.
-
RE: Using react app auth and react native and getting access to the profile pages
Hi @jamesbaxter . Sorry, just saw this now. I don't have the example app available. Sorry!
-
RE: Editing user data in the UI
When I navigate to the Reactor page, it shows that it's licensed with a Community Edition license.
Custom form fields require a starter license, and because you modified the form field names, FusionAuth thinks you are trying to use a custom form field. (Note, I'm not suggesting you buy a license--this functionality should work in community edition--but I wanted to explain why you are getting the message.)
With the move to 1.53.2 did you upgrade or use a new instance? If the former, does the issue still appear in a new install?
-
RE: ActiveDirectory access to FusionAuth
FusionAuth Cloud instances may or may not have static egress IP addresses; please open a support ticket with your instance name to learn more.
VPC peering is not currently supported, though that issue is the right one to follow for future developments.
You can also use an LDAP proxy to solve this issue.
FusionAuth -> LDAP proxy -> AD
where the LDAP proxy is in the DMZ and AD is configured to only talk to internal network values or the LDAP proxy.
Here's a StackOverflow post with more details.
-
ActiveDirectory access to FusionAuth
I want to lock down access between ActiveDirectory and FusionAuth running in the cloud. What is the best way to do that? Can I use VPC peering? It appears to not be supported: https://github.com/FusionAuth/fusionauth-issues/issues/1147
-
RE: Is there a way to see how advanced themes have changed between releases?
The best way to see this is to visit the theme history github repo.
It is mentioned in the theme upgrade documentation.
-
Is there a way to see how advanced themes have changed between releases?
I'm using advanced themes and want to see what has changed between releases so I can make sure to incorporate the changes in my custom theme.
What is the best way to see the changes?