I would try creating another tenant and seeing if the same SMTP settings fail. Then I'd try standing up a version with the very latest FusionAuth version and seeing if you see the same behavior.

Also, do you have the same tenant smtp settings? That is under the "advanced" tab, then "smtp settings".

The one that works is from the default tenant and the one that doesn't is from administrators.

I have asked AWS support if they could tell me exactly why this is failing. Are we sure that the failure is being generated from the AWS SES (SMTP)server?

Email troubleshooting is documented here: https://fusionauth.io/docs/v1/tech/troubleshooting/#troubleshooting-email

Might be worth trying some of the steps outlined there.

"Unable to send email via JavaMail530 Authentication required"

Is that something that can be fixed in my FA setup or is this a question for AWS? I do have another application using the same smtp that works fine.

The user entity has not type member. To make such a distinction you can use groups.

You can set registration verification template either via GUI ora API - it doesn't make a difference. Since registrations are application specific, you firstly need to enable application's registrations verification and then you can select the template. Via GUI it can be done in Edit Application > Registration.

But still, at the moment I'm rather confused, and don't really know what are you actually trying to achieve. I suppose that email verification is the only verification that you need, but that is just my guesing.

In the previos post you mentioned 530 error, now it is 503. Also, you haven't provided full trace, so my response was based on some guessing, and the fact that 530 is actually defined in SMTP. On the other hand 503 HTTP code may be returned by the FA on an event of elastic search issues.

503
The search index is not available or encountered an exception so the request cannot be completed. The response will contain a JSON body.

See Complete a Passwordless Login.

$request = array();
$request["registration"]["applicationId"] = $_SESSION['applicationID_admin_register_login'];
$request["user"]["email"] = $email;
$request["user"]["password"] = "12345678";
$request["user"]["userId"] = $id; //this is the record number from the employees table -needed to delete the record from mySQL
$request["user"]["type"] = "admin"; //mark this guy as admin
//add the id from the employees table
$requestJ = json_encode($request); //convert the array into json
$result = $_SESSION['client']->register("", $requestJ);

Are you saying that I need to set the registration verifcation emaIl via the API, rather than using the UI (see the email verification text field in above image)? Notice that I am not using the tenantID anywhere in this? But the application ID is used and it does have a tenant associated with it. Again, just to make my question clear. Where do I specify in the UI which template to run for registration verification?

On the tenant SMTP and the 503 error, I am using the EXACT same SMTP that was working correctly before I moved to a new application (due to not being able to do the registration in one tenant and the login in a different one).

To sum it up, user entity, created on an user creation event represents an user. This entity contains the user email and its verification status. The user email verification email may be sent only on user creation.
The registration, is an entity that associates already existing user to a specific application. The registration is not related to user email nor its verification status. However, it can contain alternative username to be used by the user in this application only. On an event of registration creation, FA can send confirmation email, but it doesn't confirm user email, it only confirms whether the registration of an user in the application should persist.

So if you want users to confirm registrations in certain applications (in addition to verifying email addresses, which can be understood as account creation verification), configure the functionality, and prepare registration verification template.

530 Authentication required SMTP error means that your tenant SMTP configuration is invalid.

I don't see a place for the verify registration template?

When a user tries to register, I get a "530 Authentication required" error in the event log, and the verify email is not being sent.

404
The user was not found. The response will be empty.

You need to understand that each tenant has its own, separate user base. So, if the user exists in one tenant, he doesn't necessarily exists in another. Anticipating your question, you cannot have a common user base for multiple tenants - If you want to have single user base, then work on a single tenant.

Here is the call:
$result = $_SESSION['client']->withTenantId('8ea1c784-866b-4755-b97b-b4fda2ad19e4')->startPasswordlesslogin($requestJ);

Here is the $result I am seeing:
FusionAuth\ClientResponse Object
(
[errorResponse] =>
[exception] =>
[method] => POST
[request] => {"applicationId":"2cf00c29-ac46-49bf-8cd4-32538ddb00d8","loginId":"richardbernstein217@gmail.com","state":{"redirect_uri":"http://substantiator-survey.ngrok.io/index.php/Configure/report_generator_amazing","client_id":"2cf00c29-ac46-49bf-8cd4-32538ddb00d8","response_type":"code","scope":"openid","state":"richardbernstein217@gmail.com"}}
[successResponse] =>
[status] => 404
)

If you need more verbose examples see the code below

<?php

require __DIR__ . '/vendor/autoload.php';

$apiKey = "5a826da2-1e3a-49df-85ba-cd88575e4e9d";
$client = new FusionAuth\FusionAuthClient($apiKey, "http://localhost:9011");

$request = array(
	"applicationId" => "c9a6f176-93df-4eaa-b67c-b651d18df60c",
	"loginId" => "user"
);
$result = $client->withTenantId("adca656e-4895-4a9e-ac2e-8b9ebebb5149")->startPasswordlesslogin($request);

var_dump($result);

?>

For such a call, the client invokes following HTTP API request

POST /api/passwordless/start HTTP/1.1
Host: [...]:9011
Accept: */*
X-FusionAuth-TenantId: adca656e-4895-4a9e-ac2e-8b9ebebb5149
Authorization: 5a826da2-1e3a-49df-85ba-cd88575e4e9d
Content-Length: 73
Content-Type: application/json

{"applicationId":"c9a6f176-93df-4eaa-b67c-b651d18df60c","loginId":"user"}

public function withTenantId($tenantId) {
$this->tenantId = $tenantId;
return $this;
}

/**

• Takes an action on a user. The user being actioned is called the "actionee" and the user taking the action is called the
• "actioner". Both user ids are required in the request object.
• @param array $request The action request that includes all of the information about the action being taken including

• the id of the action, any options and the duration (if applicable).
  

What two users are they talking about? There is only one user involved. Does this make sense?

    $requestJ = json_encode($request);   //convert the array into json
    $result = $_SESSION['client']->setTenantId('8ea1c784-866b-4755-b97b-b4fda2ad19e4')->startPasswordlesslogin($requestJ);

$client->withTenantId(...)->passwordlessLogin(...);

Be aware that withTenantId stores the id in the client internal state, and the stored id will be used for all subsequent requests. It may be something that suits you or not - refer to the source code and check how this effect will affect your application.

The docs say that if you have more than one tenant, which I do, that you will need to specify the tenant via the "header". There is even an example: HTTP Authorization Header example

curl -X POST
-H 'Authorization: oa06-d9uxCHTorBOkVdh_QzsX_iEEYARGv8udnMMLJ8'
-H 'Content-Type: application/json'
-d '{"group": {"name": "Admin"}}'
"http://localhost:9011/api/group"

But that example makes no sense to someone using the php client.

Please tell me how to tell FA the tenant to use in the context of a php program?

BTW, $this->output->set_header sets the header for a response sent to the web browser - data defined this way will never reach FA.

So I guess I will need to :Making an API request using a Tenant Id. I am using Codeigniter so I tried using this $this->output->set_header('X-FusionAuth-TenantId: 8ea1c784-866b-4755-b97b-b4fda2ad19e4'); right before my call to start PasswordlessLogin()

The result I am getting is :
FusionAuth\ClientResponse Object
(
[errorResponse] =>
[exception] =>
[method] => POST
[request] => {"applicationId":"2cf00c29-ac46-49bf-8cd4-32538ddb00d8","loginId":"richardbernstein217@gmail.com","state":{"redirect_uri":"http://substantiator-survey.ngrok.io/index.php/Configure/report_generator_amazing","client_id":"2cf00c29-ac46-49bf-8cd4-32538ddb00d8","response_type":"code","scope":"openid","state":"richardbernstein217@gmail.com"}}
[successResponse] =>
[status] => 404
)

Obviously not optimum. But I see I can set an API key:
Using an API key.

You may optionally create an API key that is scoped to a particular tenant. To create an API key navigate to Settings API Keys.

Similar to the example screenshot above where we created a new API key, in this example we have selected the Pied Piper tenant for this API key. Only Users, Groups and Applications belonging to the Pied Piper tenant will be visible to this API.

Create a Tenant API Key
HTTP Authorization Header example
The following example demonstrates an API request to an API endpoint requiring tenantId, using the tenant-scoped API key.

curl -X POST
-H 'Authorization: oa06-d9uxCHTorBOkVdh_QzsX_iEEYARGv8udnMMLJ8'
-H 'Content-Type: application/json'
-d '{"group": {"name": "Admin"}}'
"http://localhost:9011/api/group"

Setting this up requires me to choose an endpoint with Get, put, patch, post, delete. I have no idea how to get my tenant id, 8ea1c784-866b-4755-b97b-b4fda2ad19e4, to work with my call to startPasswordlessLogin. Is there an example anywhere?

But how to create it under it's own tenant (in the UI)?

Once you have more than one tenant, you should see a dropdown when you are adding an application in the UI which lets you determine which tenant the application is associated with.

Note that tenants have different user email spaces. That is to say that if I have an account with tenant A and an account with tenant B, they might have different passwords and they will certainly have different user attributes (last login, for example). That may be ok, but just wanted to make you aware. You may want to read the tenants core concepts docs if you haven't already.

Now for type B I want to have a completely different Passwordless login template (it will say different stuff). But I see under Tenant Default there is only a place for one passwordless login template.

Now I have two different applications,type A (which uses tenant default) and type B (which also uses tenant default)? Why? Because the tenant field in Applications is read only.

You mentioned a day or two ago creating an application under the 2nd tenant. How do I do this in the UI? Under Tenant, is there a place for me to specify what Application to use?

I am thinking that the easiest way to do this would be to just create another application, so there will be 3 in total. But how to create it under it's own tenant (in the UI)?

1. User creation
2. Registration of an existing user in an application.

There is also combined API call, that creates a user and a registration at once - I have missed that saying your register request is invalid - sorry. User creation and registration in one call. This is probably the request you were trying to perform.

You can configure unverified users deletion time in Edit Tenant > Email - as mentioned in my first response. But 5 minute offset is not reachable since the time is given in days.