Can we do a user search without a tenant id?
-
We have multiple tenants in FusionAuth and want to be able to search across all of them for a given user. Is this possible?
-
If you don't care about the possibility of duplicate users or you can handle them in your business logic (because tenants allow multiple users to have the same username or email address), you can use a globally scoped API key and just call the search API with the email address.
For example, here a script I ran after creating two 'test@example.com' users in different tenants in one FusionAuth instance:
curl -H "Authorization: $API_KEY" 'http://localhost:9011/api/user/search?queryString=test%40example.com'
The API_KEY variable was a globally scoped API key (not scoped to one tenant).
This returned this json (note, I'm running the database search engine, but the results should be similar if you are running elasticsearch):
{"total":2,"users":[{"active":true,"email":"test@example.com","id":"0e3f0f4d-6795-4200-b044-9fea2437f0d2","insertInstant":1591914961640,"lastLoginInstant":1591914961678,"passwordChangeRequired":false,"passwordLastUpdateInstant":1591914961675,"tenantId":"1de156c2-2daa-a285-0c59-b52f9106d4e4","twoFactorDelivery":"None","twoFactorEnabled":false,"usernameStatus":"ACTIVE","verified":true},{"active":true,"email":"test@example.com","id":"6d145368-431b-4df1-aba4-5741bd7a9280","insertInstant":1592244970665,"lastLoginInstant":1592244970695,"passwordChangeRequired":false,"passwordLastUpdateInstant":1592244970690,"tenantId":"7b231917-733e-4347-b9e2-11915de60fc8","twoFactorDelivery":"None","twoFactorEnabled":false,"usernameStatus":"ACTIVE","verified":true}]}