Create user with FusionAuth Admin Interface from Kickstartfile
-
Hi!
Is it possible to create an admin account with FusionAuth Admin Interface access from the Kickstart file.
Here's my kickstart file:
{ "variables": { "adminEmail": "cypress@example.com", "user1Email": "rob@example.com", "password": "hello123", "defaultTenantId": "30663132-6464-6665-3032-326466613934" }, "apiKeys": [ { "key": "#{ENV.FUSION_AUTH_API_KEY}", "description": "Standard development API key" } ], "supportId": "5acfd1b6-f687-ae13-8ffd-1900200c9a77", "requests": [ { "method": "POST", "url": "/api/application/#{ENV.SECRET_FUSIONAUTH_CLIENT_ID}", "body": { "application": { "name": "Project Secret", "oauthConfiguration": { "clientSecret": "#{ENV.SECRET_FUSIONAUTH_CLIENT_SECRET}" }, "roles": ["user", "admin"] } } }, { "method": "POST", "url": "/api/user/registration/ace26aa5-0fe9-4672-bc5f-dfe198f4955d", "body": { "user": { "email": "#{adminEmail}", "password": "#{password}" }, "registration": { "applicationId": "#{ENV.SECRET_FUSIONAUTH_CLIENT_ID}", "roles": ["user", "admin"] } } }, ] }My understanding was that it should be enough to add the "admin" role to the user to be able to access the admin interface.
However, when I try to log in with
cypress@example.com:hello123- a user with the "admin" role - I'm getting this screen:
Thanks!
-
@akoskm Yes, this is possible. You have to create a registration for the FusionAuth application for your user and apply a role (roles outlined here).
Here's an example kickstart that does that: https://github.com/FusionAuth/fusionauth-example-kickstart/blob/master/fusionauth/kickstart-development.json#L146
You want something like the lines 146-191.
-
Hello @dan !
I tried what you show us, like this:
{ "method": "POST", "url": "/api/user/registration/00000000-0000-0000-0000-000000000001", "body": { "user": { "firstName": "Adam", "lastName": "Smith", "email": "#{adminEmail}", "password": "#{password}" }, "registration": { "applicationId": "#{ENV.FUSIONAUTH_CLIENT_ID}", "roles": ["admin"] } } },but after this, my local FusionAuth admin panel redirects me to the setup wizard form which I can't complete because it's giving me a 500 Server error.
This tells me something is wrong with my newly added block because before I added it my FusionAuth worked fine.
I also tried to add an application registration with the same id and with the name
FusionAuth, like this:{ "method": "POST", "url": "/api/application/#{ENV.FUSIONAUTH_CLIENT_ID}", "body": { "application": { "name": "FusionAuth", "roles": ["user", "admin"] } } },but this didn't solve my issue.
Thanks for your help in advance!
Best Regards,
Patrik -
Hi @dan, Patrik is my colleague who tried to make this work but had no success. Could you take a look at his post below? Thank you!
-
@paterik4 I think you need to give the application_id instead of the client_id in the registration block
-
@paterik4 Hiya,
Can you try eliminating some things to troubleshoot?
- Try hardcoding the application id rather than using an environment variable. In fact, try replacing all the env references with hardcoded values
- Try removing the
supportId; I'm not sure what that is.
Also, if you are ending up at the setup wizard, that means that the kickstart didn't complete. Can you look at the log file output and see what error messages kickstart provides. You can also verify that the JSON is valid using a tool like jsonlint.com.
Also, what version of FusionAuth are you attempting this on?
If you can share a GH repo showing this issue, I'd like to take a look.
-
@quent I thought about that, but how should I get the id of FusionAuth that was just created by kickstart?
-
@dan Hello!
If I try to add an application registration as shown in the example in FusionAuth's Github repo, it gives me this error:
2022-12-13 02:42:06.813 PM ERROR io.fusionauth.api.service.system.kickstart.KickstartRunner - Failed to execute request to [POST][/api/application/00000000-0000-0000-0000-000000000001] Status [400] Request body: { "application" : { "name" : "FusionAuth", "roles" : [ "user", "admin" ] } } 2022-12-13 02:42:06.813 PM ERROR io.fusionauth.api.service.system.kickstart.KickstartRunner - Error response: { "fieldErrors" : { "application.name" : [ { "code" : "[duplicate]application.name", "message" : "An Application with name [FusionAuth] already exists." } ] }, "generalErrors" : [ ] }If the kickstart creates FusionAuth for himself, how could I get its id to register users to it with an admin role?
The supportId doesn't create any error.
My kickstart file is a valid JSON file.
I am trying to use
image: fusionauth/fusionauth-app:1.38.0image of FusionAuth. -
This post is deleted! -
@paterik4 I think you can specify it in the kickstart when you create it
-
@quent That would be great. Can you give me and example how can I achieve this?
-
@quent @dan Thank you for your help! I get it working.
My mistakes were the following:
- I tried to specify the Fusionauth app id.
- I tried to create the FusionAuth app which gave me an error that it already exists.
- I used the default (provided) FusionAuth app id wrongly.
- I tried to register the user twice.
Here is my solution without any other registration:
If you would like to give access to an already registered user u should provide access to that user with the same URL but with the following body:
"body": { "skipRegistrationVerification": true, "registration": { "applicationId": "#{FUSIONAUTH_APPLICATION_ID}", "roles": ["admin"] } }If you would like to give access to a new user, then u should do it under a different URL and you have to specify the user email and password inside the body like this:
"body": { "user": { "email": "#{adminEmail}", "password": "#{password}" }, "registration": { "applicationId": "#{FUSIONAUTH_APPLICATION_ID}", "roles": ["admin"] } } -
@paterik4 Awesome, glad you got it working.
For anyone else, https://fusionauth.io/docs/v1/tech/apis/registrations documents the two different ways of creating a registration (for a new user and an existing user).
-
Hi, I am fairly new to FusionAuth and have the same issue as the original poster.
The Kickstart file I created does not allow the user to login to access the admin interface.
What I attempting to do is run locally in Docker containers, so that the same set up can be used by another developer from docker compose.
Please could I have some help with the Kickstart file?
It runs, does not appear to throw any errors in the fusionauth logs, but i cannot login.
Please find enclosed the kickstart file and the docker compose snippet.
Regards
ChrisKickstart file
{ "variables": { "adminEmail": "admin@fusionauth.io", "password": "apassword", "defaultTenantId": "68e4bbcf-f44b-a066-34c1-d53bdd4e4810", "applicationId": "80640732-cecc-4962-9928-6937bee1090a" }, "apiKeys": [ { "key": "nvbt6nwmxyHQVy2F7xYCgSgLww4ssUy9csmzVAEJatS4mkp7H2vGogJI", "description": "Standard development API key" } ], "requests": [ { "method": "POST", "url": "/api/application/80640732-cecc-4962-9928-6937bee1090a", "body": { "application": { "name": "LocalApp", "roles": [ { "name": "admin" }, { "name": "user" }, { "name": "user-admin" } ], "oauthConfiguration": { "clientSecret": "AsCh5TTgB_JmeSr57P15M31S0nblbbak5h15ZHU7kVc", "clientID": "80640732-cecc-4962-9928-6937bee1090a", "authorizedOriginURLs": [ "http://localhost:3000", "http://localhost:3016" ], "authorizedRedirectURLs": [ "http://localhost:3000/api/v1/auth/callback" ], "enabledGrants": [ "authorization_code", "password", "refresh_token" ], "logoutURL": "http://localhost:3000/api/v1/auth/logout", "generateRefreshToken": true } } } }, { "method": "POST", "url": "/api/user/registration/00000000-0000-0000-0000-000000000001", "body": { "skipRegistrationVerification": true, "user": { "email": "john@genericcompany.com", "firstName": "John", "lastName": "Smith", "password": "apassword", "imageUrl": "" }, "registration": { "applicationId": "80640732-cecc-4962-9928-6937bee1090a", "roles": [ "admin" ] } } }, { "method": "POST", "url": "/api/user/registration/00000000-0000-0000-0000-000000000002", "body": { "skipRegistrationVerification": true, "user": { "email": "james@genericcompany.com", "firstName": "James", "lastName": "Smith", "password": "apassword", "imageUrl": "" }, "registration": { "applicationId": "80640732-cecc-4962-9928-6937bee1090a", "roles": [ "admin" ] } } }, { "method": "POST", "url": "/api/user/registration/00000000-0000-0000-0000-000000000003", "body": { "user": { "email": "adam@genericcompany.com", "firstName": "Adam", "lastName": "Smith", "password": "apassword", "imageUrl": "" }, "registration": { "applicationId": "80640732-cecc-4962-9928-6937bee1090a", "roles": [ "admin", "user", "user-admin" ] } } }, { "method": "POST", "url": "/api/user/registration/00000000-0000-0000-0000-000000000004", "body": { "user": { "email": "jane@genericcompany.com", "firstName": "Jane", "lastName": "Smith", "password": "apassword", "imageUrl": "" }, "registration": { "applicationId": "80640732-cecc-4962-9928-6937bee1090a", "roles": [ "user" ] } } }, { "method": "POST", "url": "/api/user/registration/00000000-0000-0000-0000-000000000005", "body": { "user": { "email": "helga@genericcompany.com", "firstName": "Helga", "lastName": "Smith", "password": "apassword", "imageUrl": "" }, "registration": { "applicationId": "80640732-cecc-4962-9928-6937bee1090a", "roles": [ "user" ] } } }, { "method": "POST", "url": "/api/user/registration/00000000-0000-0000-0000-000000000006", "body": { "user": { "email": "Susan@genericcompany.com", "firstName": "Susan", "lastName": "Smith", "password": "apassword", "imageUrl": "" }, "registration": { "applicationId": "80640732-cecc-4962-9928-6937bee1090a", "roles": [ "user" ] } } } ] }Docker compose snippet
fusionauth: image: fusionauth/fusionauth-app:1.43.0 container_name: fusionauth depends_on: authdb: condition: service_healthy environment: DATABASE_URL: jdbc:postgresql://authdb:5432/${POSTGRES_DB} DATABASE_ROOT_USERNAME: ${POSTGRES_USER} DATABASE_ROOT_PASSWORD: ${POSTGRES_PASSWORD} DATABASE_USERNAME: ${DATABASE_USERNAME} DATABASE_PASSWORD: ${DATABASE_PASSWORD} FUSIONAUTH_APP_MEMORY: ${FUSIONAUTH_APP_MEMORY} FUSIONAUTH_APP_RUNTIME_MODE: development FUSIONAUTH_APP_URL: http://localhost:9011 SEARCH_TYPE: database FUSIONAUTH_APP_KICKSTART_FILE: ${FUSIONAUTH_APP_KICKSTART_FILE} networks: - localnet restart: unless-stopped ports: - 9011:9011 volumes: - ./conf/fusionauth/config:/usr/local/fusionauth/config - ./conf/fusionauth/kickstart:/usr/local/fusionauth/kickstart - ./volumes/fusionauth/logs:/usr/local/fusionauth/logs authdb: image: postgres:12.5-alpine container_name: authdb hostname: authdb ports: - "5433:5432" environment: PGDATA: /var/lib/postgresql/data/pgdata POSTGRES_DB: ${POSTGRES_DB} POSTGRES_USER: ${POSTGRES_USER} POSTGRES_PASSWORD: ${POSTGRES_PASSWORD} healthcheck: test: [ "CMD-SHELL", "pg_isready -U postgres" ] interval: 5s timeout: 5s retries: 5 networks: - localnet restart: unless-stopped volumes: - ./volumes/authdb:/var/lib/postgresql/data
