That seems to work. Thank you for the quick patch.
Best posts made by twosevenxyz
-
RE: Unable to create application(s)
-
RE: Bulk deletion by tenantId throws error
The reason for bulk deletion links to another question I asked recently. I imported 850K+ users recently, and given that I had not registered the users against all applications, I decided to delete all users and re-import.
Latest posts made by twosevenxyz
-
RE: Unexpected validity of access_token obtained via exchanging refresh_token
Yes, I'm explicitly passing the
client_id
as a request parameter as part of every request---initial login request as well as subsequent refresh token grant requests.Is this happening because I use the Login API as opposed to OAuth API?
-
RE: Unexpected validity of access_token obtained via exchanging refresh_token
Changing the JWT lifetime in the tenant reflects in the lifetime of the
access_token
obtained by exchangingrefresh_token
.
For example, with the following config, here's what I get in my logs:Application Settings
Tenant Settings
Token expires in 28475 {aud: "faa64edb-ecca-4acb-a35e-d83f395ac04e", iat: 1607337214, exp: 1607337244} Refreshing tokens to avoid expiry {aud: "faa64edb-ecca-4acb-a35e-d83f395ac04e", iat: 1607337214, exp: 1607337244} Token expires in 35999195 {aud: "faa64edb-ecca-4acb-a35e-d83f395ac04e", iat: 1607337215, exp: 1607373215}
-
RE: Unexpected validity of access_token obtained via exchanging refresh_token
I'm running FusionAuth v1.18.8
The
access_token
that is first issued has the right expiry. Anyaccess_token
received via exchangingrefresh_token
has a 12 hour validity.
My tenant does have a 12 hour validity on theaccess_token
. However, any tenant setting should be overridden by the application-specific setting, is it not? -
Unexpected validity of access_token obtained via exchanging refresh_token
When exchanging a
refresh_token
for anaccess_token
, I expect the resultingaccess_token
to have a validity as defined by the application.
However, this doesn't seem to be the case..
Currently, I'm not sure where the 12-hour duration for the JWT is coming from. Is this a default value? If so, how would I override it?
-
RE: user.email.verified webhook not firing
I think the difference between what you are doing and what I'm doing is that I'm creating accounts via APIs.
await fusionAuthClient.register({ registration: { applicationId: clientId }, user: { email, password, data: { hasPassword: true, loginsCount: 0 } } })
When I do this, FusionAuth sends out a verification email to the user. However, when the user verifies their email by clicking the link in the verification email, the
user.email.verified
webhook does not fire.
Also, theuser.create
webhook does not fire when I register the user (create+register) as shown above.What version are you running? v1.18.8
Did you get the emails? No. However, I get an email when I perform the webhook test.
Did you configure webhooks in both locations (under settings and tenants)? Yes -
user.email.verified webhook not firing
When I call the relevant APIs to create a user account, FusionAuth sends them a verification email. However, when they verify their account, my configured
user.email.verified
webhook does not fire. I have also trieduser.create
webhook and that does not work either.
I'm quite certain that the webhook itself has been configured correctly, since the webkhook test works as expected. It's just that it never automatically triggers when a user verifies their email. What am I doing wrong? -
RE: Identity Provider with no email?
From my (layman's) standpoint, that feels a bit arbitrary
Is a Facebook login different from OIDC? Is there a good reason as to why FusionAuth is preventing these users from being able to login? -
RE: Identity Provider with no email?
I added the following lambda, but I'm quite confident that the lambda function never runs.
// Using the response from Facebook Me API, reconcile the User and User Registration. function reconcile(user, registration, facebookUser) { user.firstName = facebookUser.first_name; user.middleName = facebookUser.middle_name; user.lastName = facebookUser.last_name; user.fullName = facebookUser.name; if (facebookUser.picture && !facebookUser.picture.data.is_silhouette) { user.imageUrl = facebookUser.picture.data.url; } if (facebookUser.birthday) { // Convert MM/dd/yyyy -> YYYY-MM-DD var parts = facebookUser.birthday.split('/'); user.birthDate = parts[2] + '-' + parts[0] + '-' + parts[1]; } if (!facebookUser.email) { user.email = facebookUser.sub + '@no-email.twoseven.xyz'; console.info('Added missing email: \n' + JSON.stringify(facebookUser)); } }
Whenever I perform a login with a Facebook account that has no email registered, I see the following in the event log:
... 8/28/2020 05:05:45 AM EDT Call the [https://graph.facebook.com/oauth/access_token] endpoint. 8/28/2020 05:05:45 AM EDT Endpoint returned status code [200] 8/28/2020 05:05:45 AM EDT The identity provider was unable to reconcile the email address. An email address is required to complete this request.
-
RE: Identity Provider with no email?
Any chance we can do this for Facebook on the latest version?
-
RE: Bulk deletion by tenantId throws error
Sadly, that isn't a viable option for me. I spent a considerable amount of time on setting up email templates.. I don't want to lose those.
It would be great if we could export these non-user settings, and later re-import them. This might be a good case for setting up a Github issue/feature-request. I will go ahead and create that.