Thanks Dan. My json looks pretty similair to the one you posted.

{
"applicationId":"32688330-1630-4e0d-a4de-8ae45c3ca527",
"loginId":"tim@gmail.com",
"state":{"redirect_uri":"http://XX659b34a122.ngrok.io/index.php/Configure/MyFormEmployees","client_id":"32688330-1630-4e0d-a4de-8ae45c3ca527","response_type":"code","scope":"openid","state":"CSRF123"}}

Looks similar to me, so this is probably not the problem. I am using ngrok since I am developing under docker on my laptop. The email gets sent fine. The problem is that the link address in the FA template email starts "http://localhost:9011". I understand that is where my copy of FA is located on my laptop, but the email has been sent to a different machine! localhost:9011 won't work on a different machine!

So my link (in the passwordless email) needs to start with http://XX659b34a122.ngrok.io/. I know this link works fine because when i type it into the browser address bar on the remote machine, it opens my survey fine.

So how to get FA to send a link starting with my ngrok-http: instead of http://localhost:9011???

Also: is there anyway to set the FROM: address in the email dynamically using templates? The employees getting the passwordless emails will probably be wary of clicking an email from admin@substantiator.com rather than from taxmanagers_name@SomeCompany.com.

@davidmw Hmmm.

What is the value of fusionauth-app.url/FUSIONAUTH_APP_URL for these nodes and how is it set (env var, shared config.properties file)? I'm guessing since you are running in docker, you are setting it, if at all, via env vars.

From the configuration reference, this is:

The FusionAuth App URL that is used to communicate with other FusionAuth nodes. This value is defaulted if not specified to use a localhost address or a site local if available. Unless you have multiple FusionAuth nodes the generated value should always work. You may need to manually specify this value if you have multiple FusionAuth nodes and the only way the nodes can communicate is on a public network.

https://fusionauth.io/docs/v1/tech/reference/configuration/

How is your network configuration set up? How can the nodes reach each other (not super familiar with k8s).

Nope, there's no way to know when passwordless logins have expired via webhook.

You have a couple of options:

You can create a github issue specifying your use case. I'm not sure how quickly this feature would be implemented, however, as this is the first request I've seen. You could note when you send the passwordless login on the user object (in user.data) and build a query that shows all the users with expired passwordless logins. You can know when you sent it and how long it is good for by querying the tenant settings, which gives you the time it expires. You could note when you send the passwordless login in some other external database and process it there.

That's great to hear, glad you figured it out!

Hiya Steven,

Thanks for the details. I'm not aware of any example applications that have this workflow.

You could definitely do most of thisthis, but you'd be writing a lot of API glue code. You'd be creating identity providers and configuring managed domains to accomplish step 3.

The one thing that I know can't be done right now is creating an API key via the API. See https://github.com/FusionAuth/fusionauth-issues/issues/887 for more details about that.

Added a doc bug: https://github.com/fusionauth/fusionauth-issues/issues/1005

Thanks for your feedback!

@richb201 You can't have more than one passwordless template per tenant.

There is a basic self service registration form you can use, but I'm not quite clear on what you are trying to do.

It sounds like you want two authentication forms.

for users, which requires them to provide their email and sends them a magic link to login for admins, which doesn't require any password at all

If that is the case, how does the system know who is an admin (is it a url they are coming from, an ip range, or something else)?

We just published a flutter tutorial that might be worth reading: https://fusionauth.io/blog/2020/11/23/securing-flutter-oauth/

I am thinking that the issue is that fusionauth is automatically using ITS installation directory. So where can I change locahost to http://b25b0ba45e22.ngrok.io ??

If this is a new install, this is expected. During startup, FusionAuth goes into maintenance mode and reports back on the state of the system.

If you are in silent mode, the index will be created for you, if you are not in silent mode, FusionAuth will have entered an interactive startup mode and it is sitting on a prompt for you to create the Elasticsearch index.

More on silent mode.

@jphelps said in Blazor WASM auth:

Sec-Fetch-Dest

We do not currently do anything with the Sec-Fetch-Dest header. This header doesn't look to be a widely supported, and even if we did look at this header, I don't understand how this would help. Doesn't this header just indicate the intended use?

Is this a test setup, or do you plan to run this all on localhost in production as well? I would assume that if the fetch request thought it was making a request to a different host it may add the Origin header?

I don't know what this means yet but in section 3.1 fo the Fetch spec it says the Origin header is not included in all fetches. I couldn't find any specific scenarios spelled out where it won't be sent.

The Origin header is a version of the Referer [sic] header that does not reveal a path. It is used for all HTTP fetches whose request’s response tainting is "cors", as well as those where request’s method is neither GET nor HEAD. Due to compatibility constraints it is not included in all fetches.

Regarding your question,

What I do find a bit confusing is the following. Why does Fusion Auth return the full login page html with an X-Frame-Options header with DENY, if it can see Sec-Fetch-Dest header is iframe and there is not a Origin header to check against the Authorized request origin URLs . It would make more sense to me to return a 302 redirect to the application login callback.

I suppose this is an option, in general we prefer to fail in such a way that it indicates something is wrong. If we redirect w/out a failure - the developer may not know there is a configuration error.

How would returning 302 assist you in your integration?

@aartiyadavpersonal said in Advice in Python Flask Framework:

flask framework based projects?

Here are a few of them:

Weather App using Flask Full Stack Social Network App Portfolio Website using Flask Rest API with Flask Feedback Form using Flask Deploy Machine Learning Models using Flask Blog App using Flask

Also, you can start with these tutorials.

Hiya,

We don't guarantee any database level compatibility (which is why we recommend doing everything through the API, which does have those guarantees).

But here's an option. I'm assuming you are using MySQL. FusionAuth uses UUIDs for unique Ids, and in MySQL we store these as BINARY(16).

If you want to select this value in a human readable form, you can perform a select such as SELECT HEX(id) FROM table_name.

If you want to select this column and deserialize it into a Java UUID type, you can use code similar to the following:

public UUID fromByteArray(byte[] ba) { long msb = 0; long lsb = 0; for (int i = 0; i < 8; i++) { msb = (msb << 8) | (ba[i] & 0xff); } for (int i = 8; i < 16; i++) { lsb = (lsb << 8) | (ba[i] & 0xff); } return new UUID(msb, lsb); }

Another option, depending on your data size, would be to export all the data using the relevant APIs, and import it into your analytics database.