
    iss is https://localhost:9011 and not http://localhost:9011

      kasir-barati
      last edited by kasir-barati

      Hey guys,

      Explaining what I am doing

      I am validating my access_token and id_token with FusionAuth by calling this validateJWT (I think internally it calls this endpoint) from the TypeScript client. It returns https://localhost:9011 as the JWT's issuer, while I think it should be http://localhost:9011.

      What is the source of confusion for me?

      Now I am not sure what is happening here and why iss's protocol is HTTPS and not your normal HTTP. Do I have to explicitly tell FusionAuth which protocol to use somewhere when I am configuring it with Terraform/OpenTofu or kickstart.json?

      Any idea?

      Need to see my Terraform/OpenTofu conf? Here it is: https://github.com/kasir-barati/you-say
        kasir-barati @kasir-barati

        My bad, I was misconfiguring my FusionAuth instance and at the same time banging my head against a brick wall.

        So who answered my question? FusionAuth Docs AI.

        The iss or issuer claim in FusionAuth is a URL that identifies the principal that issued the JWT. The issuer claim is a case-sensitive string containing a string or URI value. The processing of this claim is generally application-specific.
        In FusionAuth, the issuer claim can be set in two ways:

        1. You can set it in the tenant configuration, where it will apply for all JWTs issued for that tenant. You can modify this by navigating to "Tenants", then your tenant, then "General". Here, you can modify the "Issuer" field value.
        2. You can set it at the individual JWT level by modifying the JWT populate lambda. You would do this if you wanted to have a different issuer based on some information from the user or registration data.

        The issuer claim is typically set to the URL of your FusionAuth instance. For example, https://local.fusionauth.io or http://localhost:9011. The choice between http and https depends on whether your FusionAuth instance is set up to use SSL or not. If it is, then https should be used. If not, http can be used.
        In the case of https://localhost:9011, this means that the FusionAuth instance is set up to use SSL and is running on the local machine on port 9011.

        Although it was not completely correct, its first suggestion was right on the money. I am configuring FusionAuth using Terraform/OpenTofu, and there I was passing the wrong value to issuer. Learn more here: https://registry.terraform.io/providers/fusionauth/fusionauth/latest/docs/resources/tenant

        So I was passing https://localhost:9011 😓.

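The mismatch discussed in this thread, as an added example that is not code from the posts or from FusionAuth: an exact, case-sensitive `iss` check that also reports which part of the issuer URL differs. `sampleToken`, `decodeClaims` and `checkIssuer` are hypothetical helper names, the token is constructed with a fake signature, and signature verification is assumed to happen elsewhere before any claim is trusted.

```javascript
// Added example: exact-match `iss` validation with a mismatch diagnosis.
// Helper names are hypothetical; the token is constructed and carries a fake signature.

// Build a constructed compact JWT (header.payload.signature) for the demo only.
function sampleToken(claims) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");
  return `${enc({ alg: "RS256", typ: "JWT" })}.${enc(claims)}.constructed-signature`;
}

// Decode the payload segment. This does NOT verify the signature.
function decodeClaims(jwt) {
  const parts = jwt.split(".");
  if (parts.length !== 3) throw new Error("not a compact JWT");
  return JSON.parse(Buffer.from(parts[1], "base64url").toString("utf8"));
}

// Accept only an exact, case-sensitive string match on `iss`.
// URL parsing is used solely to explain a rejection, never to accept a token.
function checkIssuer(jwt, expectedIssuer) {
  const { iss } = decodeClaims(jwt);
  if (typeof iss !== "string") return { ok: false, reason: "missing-iss" };
  if (iss === expectedIssuer) return { ok: true, reason: "match" };
  let got, want;
  try {
    got = new URL(iss);
    want = new URL(expectedIssuer);
  } catch {
    return { ok: false, reason: "not-a-url", got: iss, want: expectedIssuer };
  }
  for (const [reason, key] of [["scheme", "protocol"], ["host", "hostname"], ["port", "port"]]) {
    if (got[key] !== want[key]) return { ok: false, reason, got: got[key], want: want[key] };
  }
  // Same scheme, host and port after parsing: trailing slash, path or letter case differs.
  return { ok: false, reason: "formatting", got: iss, want: expectedIssuer };
}

// The situation from the thread: tenant issuer set to https, application expects http.
const token = sampleToken({ iss: "https://localhost:9011", sub: "constructed-user" });
console.log(checkIssuer(token, "http://localhost:9011"));
// { ok: false, reason: 'scheme', got: 'https:', want: 'http:' }
```

The `reason` field is for logs and debugging only; the accept decision stays the strict string comparison.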