workflow for self registration
-
@mgetka Is there any example of how to specify a tenantID in a php call? I searched for ->withTenantId() as you show in your example call above and can't find it anywhere on the FA site.
-
The code snippet I put in the post where I first mention the
withTenantId
method is actually such an example. When I recommended referencing the source code, I meant the code itself, not the docstrings - the logic behind thewithTenantId
method is quite simple, and the code describes mentioned effects (alteration of internal client state) in the most unambigious way.If you need more verbose examples see the code below
<?php require __DIR__ . '/vendor/autoload.php'; $apiKey = "5a826da2-1e3a-49df-85ba-cd88575e4e9d"; $client = new FusionAuth\FusionAuthClient($apiKey, "http://localhost:9011"); $request = array( "applicationId" => "c9a6f176-93df-4eaa-b67c-b651d18df60c", "loginId" => "user" ); $result = $client->withTenantId("adca656e-4895-4a9e-ac2e-8b9ebebb5149")->startPasswordlesslogin($request); var_dump($result); ?>
For such a call, the client invokes following HTTP API request
POST /api/passwordless/start HTTP/1.1 Host: [...]:9011 Accept: */* X-FusionAuth-TenantId: adca656e-4895-4a9e-ac2e-8b9ebebb5149 Authorization: 5a826da2-1e3a-49df-85ba-cd88575e4e9d Content-Length: 73 Content-Type: application/json {"applicationId":"c9a6f176-93df-4eaa-b67c-b651d18df60c","loginId":"user"}
-
Thanks. I modified as requested. I am still getting a 404 error. Note that the errorResponse is blank.
Here is the call:
$result = $_SESSION['client']->withTenantId('8ea1c784-866b-4755-b97b-b4fda2ad19e4')->startPasswordlesslogin($requestJ);Here is the $result I am seeing:
FusionAuth\ClientResponse Object
(
[errorResponse] =>
[exception] =>
[method] => POST
[request] => {"applicationId":"2cf00c29-ac46-49bf-8cd4-32538ddb00d8","loginId":"richardbernstein217@gmail.com","state":{"redirect_uri":"http://substantiator-survey.ngrok.io/index.php/Configure/report_generator_amazing","client_id":"2cf00c29-ac46-49bf-8cd4-32538ddb00d8","response_type":"code","scope":"openid","state":"richardbernstein217@gmail.com"}}
[successResponse] =>
[status] => 404
) -
This is a valid result with clear cause described in the docs.
404
The user was not found. The response will be empty.You need to understand that each tenant has its own, separate user base. So, if the user exists in one tenant, he doesn't necessarily exists in another. Anticipating your question, you cannot have a common user base for multiple tenants - If you want to have single user base, then work on a single tenant.
-
OK. I switched over to doing both the user registration and the user passwordless login in a single tenant. In this tenant, I need to set both the registration verify template and the passwordless login template. I am not sure where to set the reg verify template. Hre is an image of what I have set:
I don't see a place for the verify registration template?
When a user tries to register, I get a "530 Authentication required" error in the event log, and the verify email is not being sent.
-
Passwordless template is used for passwordless email, so as you are using passwordless login flow, you need this template. This topic, started with the question about email verification, so I suppose you use this feature, and email verification template will be useful as well. As for the registration verification template, as I have recently written:
To sum it up, user entity, created on an user creation event represents an user. This entity contains the user email and its verification status. The user email verification email may be sent only on user creation.
The registration, is an entity that associates already existing user to a specific application. The registration is not related to user email nor its verification status. However, it can contain alternative username to be used by the user in this application only. On an event of registration creation, FA can send confirmation email, but it doesn't confirm user email, it only confirms whether the registration of an user in the application should persist.So if you want users to confirm registrations in certain applications (in addition to verifying email addresses, which can be understood as account creation verification), configure the functionality, and prepare registration verification template.
530 Authentication required
SMTP error means that your tenant SMTP configuration is invalid. -
@mgetka Thanks. I will try it.
Here is the current way I try to add a user and register them.$request = array();
$request["registration"]["applicationId"] = $_SESSION['applicationID_admin_register_login'];
$request["user"]["email"] = $email;
$request["user"]["password"] = "12345678";
$request["user"]["userId"] = $id; //this is the record number from the employees table -needed to delete the record from mySQL
$request["user"]["type"] = "admin"; //mark this guy as admin
//add the id from the employees table
$requestJ = json_encode($request); //convert the array into json
$result = $_SESSION['client']->register("", $requestJ);Are you saying that I need to set the registration verifcation emaIl via the API, rather than using the UI (see the email verification text field in above image)? Notice that I am not using the tenantID anywhere in this? But the application ID is used and it does have a tenant associated with it. Again, just to make my question clear. Where do I specify in the UI which template to run for registration verification?
On the tenant SMTP and the 503 error, I am using the EXACT same SMTP that was working correctly before I moved to a new application (due to not being able to do the registration in one tenant and the login in a different one).
-
$request["user"]["type"] = "admin";
The user entity has not
type
member. To make such a distinction you can use groups.You can set registration verification template either via GUI ora API - it doesn't make a difference. Since registrations are application specific, you firstly need to enable application's registrations verification and then you can select the template. Via GUI it can be done in Edit Application > Registration.
But still, at the moment I'm rather confused, and don't really know what are you actually trying to achieve. I suppose that email verification is the only verification that you need, but that is just my guesing.
In the previos post you mentioned 530 error, now it is 503. Also, you haven't provided full trace, so my response was based on some guessing, and the fact that 530 is actually defined in SMTP. On the other hand 503 HTTP code may be returned by the FA on an event of elastic search issues.
503
The search index is not available or encountered an exception so the request cannot be completed. The response will contain a JSON body. -
@mgetka It is 530. When I try to send a test email from this application I get
"Unable to send email via JavaMail530 Authentication required"
Is that something that can be fixed in my FA setup or is this a question for AWS? I do have another application using the same smtp that works fine.
-
Email troubleshooting is documented here: https://fusionauth.io/docs/v1/tech/troubleshooting/#troubleshooting-email
Might be worth trying some of the steps outlined there.
-
Thanks. I have tried sending the test email from the UI from the two different tenants. One consistntly fails and the other consistantly works. I am attaching the two tenant views. From the SMTP POV they are exactly the same except for the name.
The one that works is from the default tenant and the one that doesn't is from administrators.
I have asked AWS support if they could tell me exactly why this is failing. Are we sure that the failure is being generated from the AWS SES (SMTP)server?
-
Hard to know exactly what's going on.
I would try creating another tenant and seeing if the same SMTP settings fail. Then I'd try standing up a version with the very latest FusionAuth version and seeing if you see the same behavior.
Also, do you have the same tenant smtp settings? That is under the "advanced" tab, then "smtp settings".