@dan Thanks for the help, I was able to get it working.

If it helps anyone else, my problem was misunderstanding how to properly do custom login/linking. I was trying to get FusionAuth to acquire the authorization code from the third-party provider and then return it to my code, where I would call further api functions. Everything works fine now that I acquire the authorization code directly and pass it to the FusionAuth api calls.

This has been fixed in version 1.46.0, which should be released soon.

You can track it at the issue above.

Thanks for reporting, @ndiarmand !

@tiny-lamp6590 said in React SDK Example Issue:

I think I am a bit burned out on getting this to run locally, will probably eject the whole thing and retry with a clean start with only changes to the cookie security when I have the bandwidth. Thanks again for your suggestions.

Maybe that would be the best approach to be honest... I just cloned the repository, started the FusionAuth instance with docker compose up in that folder, installed dependencies from client and server and everything works, even with the secure: true (which I think browsers just ignore when running locally).

I tried both Firefox Developer Edition 114 and Chrome 113 and they run fine. Which browser are you running on? Have you tried disabling extensions or going incognito?

image.png

@mark-robustelli I had opened a support ticket (via email) and got this response

If you have external calls in your integration, you will want to ensure a fast response Lambdas - If you are calling FusionAuth APIs in a lambda, ensure a connection over port 9012 (as opposed to port 9011). Any other external HTTP calls (to your own endpoints) using HTTPConnect should return quickly as well to ensure optimal performance. Connectors - If you have a connector, then FusionAuth will hold things in flight (database connections, in-memory information, etc) while we wait for your connector to return an authentication response and log the user in. Ideally, your connector would have a read timeout of 1ms and a connect timeout of 2ms or less. Higher values mean FusionAuth will have fewer resources (database connections, etc) available to service incoming login requests (as older login requests are still in flight waiting for the Connector return). Webhooks - If you have any webhooks, these should also return quickly to optimize performance. Any SocketTimeoutException (read or connect) in the Event Log would indicate a slower webhook integration. Adjust Period Tasks If you have any periodic tasks running against your deployment (perhaps to synchronize user data, application data, etc by calling our APIs), then you will want to write back-off logic if the system shows a heavy load (monitoring documentation). Turn off logging in production This change will be less impactful but will help nevertheless. Logging should be used when there is an issue with SMTP/email, lambdas, connectors, users, etc but turned off in production when not needed. Logs are output to System > Event Log. The debug enabled toggle throughout the UI (and API) indicates whether this logging will occur.

The big ones were that we were making calls to the API in a lambda and switched the port as mentioned. We also had left on debug logging in a lot of places so have disabled that for now. Validated our webhooks are all running pretty fast (median type is 1-2ms) and connector is pretty fast, though slower 20-30ms median.

@mark-robustelli Thank you. It is an interesting workaround. I think if we apply encryption on top of the generated string value, it will not disclose user's login.

@jgerman Sorry I have been out of touch. I just saw this issue come up that sounds like the same thing you are experiencing. Please follow this issue. When the fix is available, please let us know if this solved your issue to. I believe it will.

@ronn316 Awesome! Thanks for sharing.

@yves So I found this that may be of interest to you.

For the Authorization Code Grant, if the clientAuthenticationPolicy value is Required, the client secret is required. If the value is NotRequired, the client secret is not required. If the value is NotRequiredWhenUsingPKCE and PKCE is used, the client secret is not required. If PKCE is not used, the client secret is required.

What is your setting there?

There is no way to get back information from FA when it calls your connector endpoint. What I ended up doing was creating separate applications for each portal in our app. WHen FA calls my connector, now I can look at the incoming applicationid and know which portal this user belongs too and that solved my issue.

@kasir-barati When you say "I dunno if we can use them to change what Get /me endpoint returns", you might want to check out the UserInfo Populate Lamba.

@kasir-barati Hiya, welcome to FusionAuth. Sorry, just ran across your forum post today.

There is no way to assign constraints to user.data fields within FusionAuth, but there is an open issue that I encourage you to upvote.

You can require usernames to be unique in a tenant, using the Unique usernames setting. It is, however a feature which requires a paid plan.

Another alternative, rather than

fetching all users and then looping over users
would be to search for the username before creating the user. Using the search functionality that wouldn't require scanning all the users. You can use a transactional webhook to fail user creation if your uniqueness rules are not met.

@stefan-0 I don't really see where there is an issue here, we wouldn't want to actually keep the Azure AD access_token if you want it just add something to the openid reconcile lambda and store it as needed.

https://fusionauth.io/docs/extend/code/lambdas/openid-connect-response-reconcile

Hiya,

I got an answer for you about sunset provisions.

We have discussed source code escrow options with clients in the past. We can also offer a source code release clause (in the event FusionAuth goes out of business). However, these are only options if you are on an Enterprise plan with a custom contract.

Hope that helps you make the right decision for your application(s).

Github issue: https://github.com/FusionAuth/fusionauth-issues/issues/632

Here's a contrib project where community members have added proxy configs: https://github.com/FusionAuth/fusionauth-contrib

How would I do this kind of search for users within a Postgresql database, I'm not using ElasticSearch.

Sorry, you cannot.

Unfortunately you can't search beyond fuzzy matching on the parameters listed in the database search documentation. If you have advanced search needs, we recommend running elasticsearch, which is extremely powerful and flexible.

Here's a tutorial on switching search engines: https://fusionauth.io/docs/v1/tech/tutorials/switch-search-engines/

I can confirm it works properly in the latest version. Thank you very much for the quick help!

We've added some documentation about no downtime upgrades in FusionAuth cloud: https://fusionauth.io/docs/v1/tech/installation-guide/cloud#upgrade-duration

If you are self-hosting, we recommend running in a cluster and you should be able to have upgrade downtime similar to what FusionAuth cloud has.