@mark Awesome!

Thank you for taking the time to offer these solutions. Your support has made a challenging situation much more manageable.

@dan Thank you for your support. Fixing the signature just saved me another couple of hours (also coming from https://fusionauth.io/blog/2020/07/14/django-and-oauth/) ^^

I upgraded. I haven't tried a new install nor do I want to. I understand why it's happening. Is it something you can fix in a future update, without my having to start over with a whole new install?

@xan said in Problems logging in user through C# API call:

when I do "http://localhost:5000", currently it just gets a "localhost refused to connect."?

Generally this happens when the service running on your localhost has some problem resolving the request. If you have access to logs, please see logs for more details on the error. Also, make sure the application interface, server, and services are running. There are many situations that might trigger “this site can't be reached” error in browsers. Sometimes the server is still running but the interface application is closed or the database is down. If your application interface and server is up but a dependent service is down then restart your computer/server and restart services. Make sure the app is bound to localhost. It may just be bound to an individual interface. netstat -na will give you the clues you need. Run a port scan on your computer and make sure the port is opened.

The problem may happens for failing on DNS lookup . DNS is that network address that translates the website name to its internet address. Most often it causes for not getting the internet connection or misconfigured internet or network settings. Another reason could be the firewall preventing Google Chrome to load the webpage. However, other reasons, such as insufficient permissions or the Apache web server not running properly might also cause the error.

@joseantonio Glad to hear it!

@dan said in Retrieving Data using FusionAuth API:

Great! We have a PR out to revisit the search documentation which I just merged. So hopefully that will be clearer for folks in the future.

Back to this comment of yours, I meant that the first line in this screenshot kinda confused me, since I thought that you're searchQuery will be searched only for these fields and not all of the existing fields if you call this this endpoint http://{{dockerhost}}:{{fusionport}}/api/user/search?queryString=*

And also I did not know that I can do something like http://{{dockerhost}}:{{fusionport}}/api/user/search?queryString=tenantId:uuid

Related GitHub issue with details.
https://github.com/FusionAuth/fusionauth-issues/issues/178

In case anyone else would like to do the same, I have found a solution which I have detailed here:

https://github.com/FusionAuth/fusionauth-issues/issues/822#issuecomment-680172776

I wrote a guide for running fusionauth in a clustered/multi node setup: https://fusionauth.io/docs/v1/tech/installation-guide/cluster/

The bug about the ip addresses being the same (which was only a display bug, not a functionality bug) was also addressed in 1.23.0: https://fusionauth.io/docs/v1/tech/release-notes/#version-1-23-0

@naughtly-keller or @sander

Not sure if one of you were the creator of this?

https://next-auth.js.org/providers/fusionauth

or if not, at the very least I wanted to pass along the additional info that is now available 🙂

Thanks,
Josh

Hi, I am fairly new to FusionAuth and have the same issue as the original poster.

The Kickstart file I created does not allow the user to login to access the admin interface.

What I attempting to do is run locally in Docker containers, so that the same set up can be used by another developer from docker compose.

Please could I have some help with the Kickstart file?

It runs, does not appear to throw any errors in the fusionauth logs, but i cannot login.

Please find enclosed the kickstart file and the docker compose snippet.

Regards
Chris

Kickstart file

{ "variables": { "adminEmail": "admin@fusionauth.io", "password": "apassword", "defaultTenantId": "68e4bbcf-f44b-a066-34c1-d53bdd4e4810", "applicationId": "80640732-cecc-4962-9928-6937bee1090a" }, "apiKeys": [ { "key": "nvbt6nwmxyHQVy2F7xYCgSgLww4ssUy9csmzVAEJatS4mkp7H2vGogJI", "description": "Standard development API key" } ], "requests": [ { "method": "POST", "url": "/api/application/80640732-cecc-4962-9928-6937bee1090a", "body": { "application": { "name": "LocalApp", "roles": [ { "name": "admin" }, { "name": "user" }, { "name": "user-admin" } ], "oauthConfiguration": { "clientSecret": "AsCh5TTgB_JmeSr57P15M31S0nblbbak5h15ZHU7kVc", "clientID": "80640732-cecc-4962-9928-6937bee1090a", "authorizedOriginURLs": [ "http://localhost:3000", "http://localhost:3016" ], "authorizedRedirectURLs": [ "http://localhost:3000/api/v1/auth/callback" ], "enabledGrants": [ "authorization_code", "password", "refresh_token" ], "logoutURL": "http://localhost:3000/api/v1/auth/logout", "generateRefreshToken": true } } } }, { "method": "POST", "url": "/api/user/registration/00000000-0000-0000-0000-000000000001", "body": { "skipRegistrationVerification": true, "user": { "email": "john@genericcompany.com", "firstName": "John", "lastName": "Smith", "password": "apassword", "imageUrl": "" }, "registration": { "applicationId": "80640732-cecc-4962-9928-6937bee1090a", "roles": [ "admin" ] } } }, { "method": "POST", "url": "/api/user/registration/00000000-0000-0000-0000-000000000002", "body": { "skipRegistrationVerification": true, "user": { "email": "james@genericcompany.com", "firstName": "James", "lastName": "Smith", "password": "apassword", "imageUrl": "" }, "registration": { "applicationId": "80640732-cecc-4962-9928-6937bee1090a", "roles": [ "admin" ] } } }, { "method": "POST", "url": "/api/user/registration/00000000-0000-0000-0000-000000000003", "body": { "user": { "email": "adam@genericcompany.com", "firstName": "Adam", "lastName": "Smith", "password": "apassword", "imageUrl": "" }, "registration": { "applicationId": "80640732-cecc-4962-9928-6937bee1090a", "roles": [ "admin", "user", "user-admin" ] } } }, { "method": "POST", "url": "/api/user/registration/00000000-0000-0000-0000-000000000004", "body": { "user": { "email": "jane@genericcompany.com", "firstName": "Jane", "lastName": "Smith", "password": "apassword", "imageUrl": "" }, "registration": { "applicationId": "80640732-cecc-4962-9928-6937bee1090a", "roles": [ "user" ] } } }, { "method": "POST", "url": "/api/user/registration/00000000-0000-0000-0000-000000000005", "body": { "user": { "email": "helga@genericcompany.com", "firstName": "Helga", "lastName": "Smith", "password": "apassword", "imageUrl": "" }, "registration": { "applicationId": "80640732-cecc-4962-9928-6937bee1090a", "roles": [ "user" ] } } }, { "method": "POST", "url": "/api/user/registration/00000000-0000-0000-0000-000000000006", "body": { "user": { "email": "Susan@genericcompany.com", "firstName": "Susan", "lastName": "Smith", "password": "apassword", "imageUrl": "" }, "registration": { "applicationId": "80640732-cecc-4962-9928-6937bee1090a", "roles": [ "user" ] } } } ] }

Docker compose snippet

fusionauth: image: fusionauth/fusionauth-app:1.43.0 container_name: fusionauth depends_on: authdb: condition: service_healthy environment: DATABASE_URL: jdbc:postgresql://authdb:5432/${POSTGRES_DB} DATABASE_ROOT_USERNAME: ${POSTGRES_USER} DATABASE_ROOT_PASSWORD: ${POSTGRES_PASSWORD} DATABASE_USERNAME: ${DATABASE_USERNAME} DATABASE_PASSWORD: ${DATABASE_PASSWORD} FUSIONAUTH_APP_MEMORY: ${FUSIONAUTH_APP_MEMORY} FUSIONAUTH_APP_RUNTIME_MODE: development FUSIONAUTH_APP_URL: http://localhost:9011 SEARCH_TYPE: database FUSIONAUTH_APP_KICKSTART_FILE: ${FUSIONAUTH_APP_KICKSTART_FILE} networks: - localnet restart: unless-stopped ports: - 9011:9011 volumes: - ./conf/fusionauth/config:/usr/local/fusionauth/config - ./conf/fusionauth/kickstart:/usr/local/fusionauth/kickstart - ./volumes/fusionauth/logs:/usr/local/fusionauth/logs authdb: image: postgres:12.5-alpine container_name: authdb hostname: authdb ports: - "5433:5432" environment: PGDATA: /var/lib/postgresql/data/pgdata POSTGRES_DB: ${POSTGRES_DB} POSTGRES_USER: ${POSTGRES_USER} POSTGRES_PASSWORD: ${POSTGRES_PASSWORD} healthcheck: test: [ "CMD-SHELL", "pg_isready -U postgres" ] interval: 5s timeout: 5s retries: 5 networks: - localnet restart: unless-stopped volumes: - ./volumes/authdb:/var/lib/postgresql/data

@vkumar I'd keep an eye on the github issue (or even comment with your current use case if you want to). I suspect it has a similar root cause.

@j-smutek

Hi, after a long bit of working on this issue.
I am quite certain that it is caused by setting a valid certificate in the configuration.
It happens when you configure it directly in the fusionauth.properties file ssl. Everything appears to work, then you find out you cannot create or edit tenants, and other areas do not work randomly. I would just get at no response in the browser and then this buffer overflow in your logs.. I struggled for quite some time with this. Just writing here so if someone else comes to this point.. Just stop and install a reverse proxy problem solved.

I also think honestly fusionauth's quick guide should include setup with caddy and/or nginx with ssl certs. Really I think it would be best to remove ssl setings and force users to setup a reverse proxy as it is simple to do. But I see that you maybe want flexibility here. I have done this now with Caddy and it works flawlessly.

Thanks again for a great product though and great community support.
Authfusion is by far the easiest alternative to Indentity Server for .net and probably the easiest auth server I found.

@alan-rutter

Thank you for your answer, I will check that out, but it is really blurry in my mind as of now!

@dan

Hello,

I am happy that I got the answer for my doubt by going through the conversation.

thank you so much.

Samo

I'm so glad you solved it!

@sswami said in After Chrome 80+ Cookie Set SameSite=None requires 'Secure' in Android WebView doesn't seem to complete Authorize:

I don't know, if what I am doing is best practice or was there something else I should have done, at least this is working for me as now.

In the blog post I mention, the app uses the react-native-app-auth library, that may be worth investigating as it provides the hooks into the native browser.

This may be worth investigating so you don't have to support your own solution, though of course I'm glad you have it working.

There is another issue, calling /api/logout?global=true&refreshToken={refresh_token} only signs out of the app, but doesn't signout from the FusionAuth completely, making it redirecting back to the App instead of the Login Screen?

You should remove your access tokens in your client when the logout button is pressed. The FusionAuth logout API only removes cookies. This post may be helpful: https://fusionauth.io/community/forum/topic/270/logout-questions

@alickabrook1
I was not setting origin URL in mobile app.

I was setting it in fusionauth config.

Shared screenshot in https://github.com/FusionAuth/fusionauth-issues/issues/1443

Just to close the loop on this, 1.40 includes the native window installation script and there are now instructions on how to install the mysql jar file.

@megeshg said in Authorize device without using /oauth2/device redirect:

we are not call /oauth/device would we need to? when in the flow would we need to do this? Dont see this in the documentation?

Hmmm. I think I must have been mistaken when I suggested that. I can't track down where I came up with that. My apologies.

I'm glad you found a solution.