Application user permissions not working
-
I'm just starting out with FusionAuth. I'm following the '5-Minute Setup Guide' and am using the fusionauth-node-example on GitHub.
At the point where I create the test user I thought I'd try logging in to the application, to verify that the login is rejected without the application registration. To my surprise I find that the test application accepts the user login without requiring a registration. What have I done wrong?
-
Hi Chris,
The sample application only shows authentication (does FusionAuth recognize the user?), not authorization. I should probably update the docs to make that more clear. Sorry about the confusion.
Here are the docs on what your application needs to do (by looking in the JWT) to see if a user is authorized: https://fusionauth.io/docs/v1/tech/core-concepts/authentication-authorization/
-
I added an authorization check to the node code: https://github.com/FusionAuth/fusionauth-example-node/commit/5d551501e292df88c89e7352112b4b990ca65f0b
And submitted a PR to update the docs to make it clearer: https://github.com/FusionAuth/fusionauth-site/pull/367
Cheers!
-
@dan Thank you, but the example app now no longer works for me. Clicking the 'login' link on the example page now gives the following error on the Node.js console:
in error {}
This appears to have been triggered by line 34 of routes/index.js.
The breakage seems to have been introduced by commit 5d55150 -- my only changes are to the clientId, clientSecret and the auth URLs (I'm not running on localhost:9011) and the example was working fine for me immediately prior to this commit.
-
@dan Ok, it would seem that the 'response.response.user' object does not contain a 'registrations' entry if the user doesn't have any registrations at all.
I've forked, fixed and created a PR.
-
Thank you. Merged the PR. That was a boneheaded mistake on my part, sorry about that!
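
The failure discussed in this thread, an authorization check that breaks when the user object has no 'registrations' entry, can be avoided by treating a missing entry as "not registered". The sketch below is an added example, not the code from the fusionauth-example-node repository or from any post above; the function names, the sample IDs and the assumed { applicationId, roles } shape of each registration are illustrative assumptions.

```javascript
// Added example; not the code from fusionauth-example-node.
// Assumed shape: user.registrations is an array of { applicationId, roles },
// and the whole `registrations` key is absent when the user has none.
const APP_ID = '00000000-0000-4000-8000-000000000001';   // constructed placeholder
const OTHER_APP_ID = '00000000-0000-4000-8000-000000000002'; // constructed placeholder

function findRegistration(user, applicationId) {
  // Fail closed: a missing user or a missing/non-array `registrations`
  // means "not registered". It must not throw and must not allow access.
  if (!user || !Array.isArray(user.registrations)) return null;
  return user.registrations.find(
    (r) => r && r.applicationId === applicationId) || null;
}

function authorize(user, applicationId, requiredRole) {
  const registration = findRegistration(user, applicationId);
  if (!registration) return { allowed: false, reason: 'not_registered' };
  if (requiredRole) {
    // `roles` may also be absent on a registration without roles.
    const roles = Array.isArray(registration.roles) ? registration.roles : [];
    if (!roles.includes(requiredRole)) {
      return { allowed: false, reason: 'missing_role' };
    }
  }
  return { allowed: true, reason: 'ok' };
}

// Constructed sample users covering the cases raised in the thread.
const sampleUsers = {
  noRegistrations: { email: 'new@example.com' },
  otherAppOnly: { email: 'other@example.com',
    registrations: [{ applicationId: OTHER_APP_ID, roles: ['admin'] }] },
  registeredNoRoles: { email: 'plain@example.com',
    registrations: [{ applicationId: APP_ID }] },
  registeredAdmin: { email: 'admin@example.com',
    registrations: [{ applicationId: APP_ID, roles: ['admin'] }] },
};

// Returns the decision reason for each sample user when 'admin' is required.
function demo() {
  return Object.fromEntries(Object.entries(sampleUsers).map(
    ([name, user]) => [name, authorize(user, APP_ID, 'admin').reason]));
}

console.log(demo());
```

A user authenticated by FusionAuth but holding a registration only for a different application is rejected here, which is the behaviour the original question expected.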