Topics tagged with registration

allow users to register for any application but not create user accounts

dan — Invalid Date

This is possible in a couple of ways.

First, to allow users to register for an application on login, you need to turn on self-service registration. From the docs:

When you enable self-service registration for an application and a user who does not have a registration for that application successfully logs in to that application, the user will automatically be registered for that application, and have a registration added.

Then the question becomes, how can you disable the hosted login pages self-service registration form?

To do so, take the following steps:

update your theme to remove the link to the "Don't have an account? Create one" link from any pages, including the login page. You can also remove all the content from the registration themed page and replace it with not implemented or similar. However, a sinister user may still be able to post to the register endpoint and create a user if you are self-hosting, block access to the /register endpoint using a proxy if you are not self-hosting, prevent self-service registration by adding an encrypted secret value to all user accounts you create via the API. Then, create self-service registration validation lambda which will examine the user object. If the user object comes through without the secret value, fail the registration. Otherwise allow it through because it is a user who has logged in.

The self-service lambda may not fire unless there are required fields on the registration form, but that behavior is undocumented and may change.

Unverified Behavior Setting Not Respected

mark.robustelli — Invalid Date

@ahcfrontdoor I set up an application with the setting you are talking about and was allowed to register and proceed without any re-direction. Can you share a screen shot of your application registration tab. Please be sure to black out any sensitive information if necessary.

Why does import user with Registration fail?

[[global:former-user]] — Invalid Date

@fusionauth-qhj5e I have brought this up internally, for now we are considering adding a PR to make it more clear for users.

https://github.com/FusionAuth/fusionauth-site/pull/2918

Registering with an existing email

mark.robustelli — Invalid Date

@harish_reddy I just want to make sure I understand where you are coming from. If you user signs up with an email address, you want the same response even if they are already signed up? Can you please share some images of how you would like the flow to work? I think this could cause problems and confusion the way I am thinking about it.

How to get populated user.data after user registraion.

dan — Invalid Date

@muravyov-alexey Thank you!

Unable to invoke @ValidationMethod on the class [class io.fusionauth.app.action.oauth2.CompleteRegistrationAction]

joshua — Invalid Date

@alessandrojcm,

Sounds good. I have logged a bug report; we should have this one squashed soon!

Thanks,
Josh

External validation of users on registration

dan — Invalid Date

You can use the user.create or the user.registration.create webhook to do something like this.

If you enable these webhooks and configure the transaction to require the webhook to succeed, then you simply need to return a non-200 status code from the webhook to cause FusionAuth to fail this create.

https://fusionauth.io/docs/v1/tech/events-webhooks/#tenant-settings
https://fusionauth.io/docs/v1/tech/events-webhooks/events/#user-create
https://fusionauth.io/docs/v1/tech/events-webhooks/events/#user-registration-create

Lambda reconcile does not remove role from registration

joshua — Invalid Date

Hi @tl-fa,

You can view our Roadmap Guidance regarding how features are implemented into FusionAuth. A good snapshot of current development can be found here as well.

We will certainly update any related issue cards as development moves forward!

Thanks!
Josh

Existing users are registered for an application without seeing the registration form

dan — Invalid Date

Yes, if self service registration is enabled (which is set on an application by application basis) and a user who is already logged in to FusionAuth tries to register for such an application, FusionAuth will automatically register them for the app. It also checks that all required profile information is filled out, which is why adding the required field displays the registration form.

Advanced reporting, slicing and dicing by user and application and login/registration

dan — Invalid Date

This functionality doesn't exist in the FusionAuth admin screens, please feel free to file an issue with a detailed use case if you feel it should.

For registrations, you can look at the date the application registration was created using the User Search API. You'll probably want to use a date range.

For logins, you can review and search all login records by going to "System -> Login Records". However, one could build something with more granularity using the FusionAuth APIs.

This API documents how to pull down the log in data for a given date range. This doesn't include the full user object, but does include the user id. From there you could use the user api to pull down the entire user object.

Also, please note that login records may be deleted after a certain period of time, based on your system settings. This deletion is controlled in the admin UI, under "Settings -> System -> Advanced -> Login record settings" and would impact your ability to query login data in the past if enabled.

403 error when registering with Apple

dan — Invalid Date

Yes, just confirmed the fact that this is a Safari only issue. Only Safari seems to be doing this, we don’t return a 403 so this must a CORS failure. Perhaps Apple is sending additional headers on the request when using Safari that need to be accounted for in the Allowed headers.

I added GET to the allowed methods for CORS and it works that seems to allow it to work in Safari. Please test and let me know.

The redirect workflow looks to be different in Safari when using native controls vs Chrome or other browsers.

Dynamic Client Registration support

dan — Invalid Date

Please see this issue for updates on this functionality. Vote for it if this is important to you.

Registration email is not sent

ishuvalov — Invalid Date

Hi, I have the same problem here. The tenant's SMTP setting are correct and test emails are successfully delivered. I'm evaluating the FusionAuth right now and often delete/re-register users with the same emails. Verification emails are delivered to all users but one. The only thing that distinguish the problem user from the others is the fact I initially registered him via Facebook identity provider, so his email was automatically verified. After that I deleted the user and trying to register with just email (not Facebook). And emails are not delivered. Manually sent SMTP test emails to that address also delivered successfully. I hope this help to investigate.

Can you register a user to an application at the same time as you create them

dan — Invalid Date

Is this what you are looking for?: https://fusionauth.io/docs/v1/tech/apis/registrations#create-a-user-and-registration-combined

That API does return a token as of v1.17.0.

Password validation rules

dan — Invalid Date

Our validation takes in inverse approach. The setting is actually to require a non-alphanumeric character. So any character that is not alphabetic, or a digit, will satisfy this requirement.

There is not a fixed set of symbols as this would reduce the password entropy, which is generally a bad idea.