Hard to know exactly what's going on.

I would try creating another tenant and seeing if the same SMTP settings fail. Then I'd try standing up a version with the very latest FusionAuth version and seeing if you see the same behavior.

Also, do you have the same tenant smtp settings? That is under the "advanced" tab, then "smtp settings".

I rolled back and installed an elastisearch container. Added the SEARCH_TYPE in the fusionauth deployment and mapped a service to the same RDS DB and it stood up without an issue. Something screwy in the way Fusionauth is connecting to either Postgre or MySQL.

I'm going to have to talk to sales as I want to enable the features temporarily to use it as a POC. Also so I can justify the cost per month for actual support beyond forums.

Thank you for your time.

h74frvvu1owb1.png

@richb201

The documentation says that this is optional. But not in my case.

Can you elaborate on where you found this in the doc?

The error should say missing "X-FusionAuth-TenantId"

Can you elaborate on this?

When I get back the "code" do I need to manually convert it to a token, or is this done automatically?

You may want to review our OAuth guide. Using a OAuth2 flow, it is common to have two separate endpoints (authorize and token) to obtain access. The "code" is returned from FusionAuth and is used (in conjunction with a few other possible factors) to obtain an access token (in our typescript client, this is the client.exchangeOAuthCodeForAccessTokenUsingPKCE function)

We do have a few tutorials as well, that show this in action (nodeJS tutorial being one of them)

Lastly, for general housekeeping's sake, this thread is getting a bit long, with a few related posts clumped together. For future questions, if the question is unrelated to the posts immediately above, it might be good to open a new thread.

It looks like setting the email address in a lambda works for Facebook now (as of at least 1.41.2):

if (!facebookUser.email) { user.email = facebookUser.id + '@no-email.facebook.com'; } 1/10/2023 10:10:33 PM Z Linking strategy [LinkByEmail] 1/10/2023 10:10:33 PM Z Resolved email to [] 1/10/2023 10:10:33 PM Z Resolved username to [null] 1/10/2023 10:10:33 PM Z Resolved unique Id to [115587478085870] 1/10/2023 10:10:33 PM Z Identity provider returned a unique Id [115587478085870]. 1/10/2023 10:10:33 PM Z A link has not yet been established for this external user. 1/10/2023 10:10:33 PM Z The user with the email address [] does not exist. 1/10/2023 10:10:33 PM Z Invoke configured lambda with Id [787cd34e-1618-4cd9-8156-936734cfe368] 1/10/2023 10:10:33 PM Z The lambda set or modified the initially resolved email. Email is now [115587478085870@no-email.facebook.com] 1/10/2023 10:10:33 PM Z Creating user: 1/10/2023 10:10:33 PM Z User is not registered for application with Id [e0da3f10-7efa-4a6b-95f8-fbf4894884b5] 1/10/2023 10:10:33 PM Z User has successfully been reconciled and logged into FusionAuth. 1/10/2023 10:10:33 PM Z Authentication type: FACEBOOK 1/10/2023 10:10:33 PM Z Authentication state: Authenticated

But if I put these in the application, won't this be a security problem?

If you put them in a javascript app, yes. But if they are in the php application only, then it'll be like a database password. Not really a security issue.

You could also inject them as an environment variable or pull from a secrets manager; however you manage your database credentials, I'd suggest doing the same with the client id/secret.

@cody Thank you for sharing!

@maciej-wisniowski That was done when we found that there was a bug in

#FROM fusionauth/fusionauth-app:1.19.4

and we replaced it with:

FROM fusionauth/fusionauth-app:1.19.7

thanks , I will do just that

Best Regards,

Thanks @sjswami , this duplicate ids issue is now resolved in 1.19.7. Appreciate you letting us know about it: https://github.com/FusionAuth/fusionauth-issues/issues/890

@maciej-wisniowski

Glad that you are able to figure it out. I am not sure if that qualifies as a bug, but definitely something to be aware of and might be worth calling out in our documentation.

I believe that you should have email templates after a kickstart (at least the default ones). I can do some more testing to see if that same thing happens to me when I kickstart.

Thanks,
Josh

@mark-robustelli said in 3rd Party Authentication:

@it-contracts Can you please share the OAuth settings you have for your application? In the Fusion Auth Admin UI select Applications. Select Edit or view for your application. Share the OAuth and JWT settings. Be sure to remove any sensitive information before posting here.

I did not make any settings in JWT, so there is nothig there.

In the OAUTH section here's what I have:

Client Id - Id generated by fusionAuth. Client secret - Secret generated by FusionAuth. Client Authentication - Set to Required PKCE - Set to Not Required. Generate refresh tokens - Checked Debug enabled - Checked (No idea if this does anything in the Cloud configuration). URL validation - Set to Exact Match Authorized redirect URLs -http://localhost:8080/MyAppName/FusionAuthLogin Authorized request origin URLs - Not Set Logout URL - http://localhost:8080/MyAppName/FusionAuthLogout Logout behavior - Set To All applications Enabled grants - Checked "Authorization Code" and "Refresh Token" Require Registration - Checked

That's it.
Thank you Mark
Rudy

@raghebmichael said in Manually verifying a JWT:

Something is very wrong. I don't know if this is something anybody else is facing, but I changed to a RS256 key and used the public key on jwt.io and it is still invalid. I cannot validate a JWT outside of /api/jwt/validate. This is a really big deal to me to be able to do something as simple as validating. Please let me know if I am in error, but if I can't get this to work I cannot continue using fusionauth and that's a big bummer to me as I had high hopes for this service.

b63ceaca-e17c-48e4-b7cc-fe757eff696f-image.png

This is exactly what I was looking for to solve my problem.
Thank you very much.

solved. I needed to type DELETE.

Thanks awesome @richb201 !

I'm glad you were able to sort it out!

@mark Awesome!

@dan Thank you for your support. Fixing the signature just saved me another couple of hours (also coming from https://fusionauth.io/blog/2020/07/14/django-and-oauth/) ^^

@xan said in Problems logging in user through C# API call:

when I do "http://localhost:5000", currently it just gets a "localhost refused to connect."?

Generally this happens when the service running on your localhost has some problem resolving the request. If you have access to logs, please see logs for more details on the error. Also, make sure the application interface, server, and services are running. There are many situations that might trigger “this site can't be reached” error in browsers. Sometimes the server is still running but the interface application is closed or the database is down. If your application interface and server is up but a dependent service is down then restart your computer/server and restart services. Make sure the app is bound to localhost. It may just be bound to an individual interface. netstat -na will give you the clues you need. Run a port scan on your computer and make sure the port is opened.

The problem may happens for failing on DNS lookup . DNS is that network address that translates the website name to its internet address. Most often it causes for not getting the internet connection or misconfigured internet or network settings. Another reason could be the firewall preventing Google Chrome to load the webpage. However, other reasons, such as insufficient permissions or the Apache web server not running properly might also cause the error.

@joseantonio Glad to hear it!

@dan said in Retrieving Data using FusionAuth API:

Great! We have a PR out to revisit the search documentation which I just merged. So hopefully that will be clearer for folks in the future.

Back to this comment of yours, I meant that the first line in this screenshot kinda confused me, since I thought that you're searchQuery will be searched only for these fields and not all of the existing fields if you call this this endpoint http://{{dockerhost}}:{{fusionport}}/api/user/search?queryString=*

And also I did not know that I can do something like http://{{dockerhost}}:{{fusionport}}/api/user/search?queryString=tenantId:uuid