FusionAuth

    mark.robustelli

    @mark.robustelli

    24
    Reputation
    38
    Profile views
    349
    Posts
    0
    Followers
    0
    Following
    Joined Last Online

    mark.robustelli Unfollow Follow
    FAQ Posters FusionAuth administrators

    Best posts made by mark.robustelli

    • RE: Implementing GitHub-like "Personal Access Tokens"

      @mou, Is this what you are looking for? https://fusionauth.io/docs/lifecycle/authenticate-users/application-authentication-tokens

      posted in Q&A
      mark.robustelli
    • RE: Missing data.salution in /ouauth/userinfo which replaces /api/user

      @kiouplidis I found this in the documentation.

      In version 1.50.0 and later, the UserInfo response can be customized with a lambda using the oauthConfiguration.userinfoPopulateLambda value of the application object. See UserInfo populate lambda.

      In FusionAuth, you can add custom data to the oauth2/userinfo endpoint response using a Lambda function. This function can add extra claims to the UserInfo response. Here's an example of a simple Lambda function that adds a few extra claims:

      function populate(userInfo, user, registration, jwt) {
        // Add a new claim named 'favoriteColor' from a custom data attribute on the user
        userInfo.favoriteColor = user.data.favoriteColor;
        // Add a new claim named 'dept' using a custom data attribute on the registration
        userInfo.dept = registration.data.departmentName;
        // Copy a claim named 'applicationId' from the provided JWT
        userInfo.applicationId = jwt.applicationId;
        // Create an event log of type 'Debug' when the lambda has Debug enabled
        console.debug('Added custom claims to the UserInfo response');
      }
      

      In this example, the favoriteColor and dept are custom claims added to the UserInfo response. These claims are derived from the custom data attributes on the user and registration respectively.
      Please note that the Lambda function needs to be assigned to an application in FusionAuth for it to take effect.

      posted in Release
      mark.robustelli
    • RE: Salesforce error: Id_Token_Error: Missing or invalid iss

      Hello @yuval,
      I'm not very familiar with Salesforce but when taking a look at the guide there is a step that says "Scroll down to the Salesforce Configuration section and open the address from Test-Only Initialization URL in an incognito window.". What do you see when you try that?

      If you are not getting that information, can you please describe in a little more detail what steps you have taken and when you receive the above message about the invalid iss?

      posted in General Discussion
      mark.robustelli
    • Security Token Signature Key Not Found Exception: IDX10501: Signature validation failed. Unable to match key

      I am running through the Integrate Your .NET 7 Application With FusionAuth quickstart guide and encountered the error listed below.

      I think it has to do with following message in the guide:
      The script set up a RS256 asymmetric signing key. FusionAuth supports this signing algorithm, but doesn't ship with a default key.

      How do I add the required key to FusionAuth?

      Error Message:
      An unhandled exception occurred while processing the request.
      SecurityTokenSignatureKeyNotFoundException: IDX10501: Signature validation failed. Unable to match key:
      kid: '236bb45e-e88c-4f07-87ff-c93d6fb752a2'.
      Number of keys in TokenValidationParameters: '0'.
      Number of keys in Configuration: '0'.
      Exceptions caught:
      ''.
      token: '{"alg":"HS256","typ":"JWT","gty":["authorization_code"],"kid":"236cc45e-e88c-4f07-87ff-c93d6fb752a2"}.{"aud":"236bb45e-e88c-4f07-87ff-c93d6fb752a2","exp":1687312521,"iat":1687308921,"iss":"acme.com","sub":"e5e4a956-0f9d-4bec-9121-dededb20e00f","jti":"ca5d3d30-ef26-4e48-afcb-d5ba670ac2d4","authenticationType":"PING","email":"myemail@email.com","email_verified":true,"at_hash":"ANWNkB4EA34d0cr1A50zQg","c_hash":"eCEeL-bgcDFkzcpmNT5k9g","scope":"openid profile","nonce":"634229057201762476.ZDQ1NzEzZWMtM2M4OS00ODgxLWI3ZmEtNjJhZWY0MzhlOWYzN2I4ODdhNmQtYTI2OS00OTc0LThhOWEtYzc2OGEzYmIzN2M3","sid":"4fe9dcc0-1ce9-4819-a97a-47c38cb730b8","auth_time":1687308921,"tid":"a51e69f7-520b-6860-2d33-d1e12f797af9"}'.

      posted in Q&A
      mark.robustelli
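
A way to narrow down an IDX10501 "Unable to match key" error like the one in the post above, as an added example that is not part of the original post or the quickstart. It reads only the unverified JWT header and compares it with the JWKS the validator would load. The tokens, the `kid` values and the function names are constructed for illustration, and the fact that an HMAC secret is never published in a JWKS document is general JWT behaviour rather than something stated on this page.

```javascript
// Added example: explain why a JWKS-based validator cannot find a key for a token.
// Only the header is read. Nothing here verifies a signature, so never act on
// the claims of a token based on this output.
const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');

// Constructed sample tokens (the signature part is a placeholder).
const HS_TOKEN = [b64url({ alg: 'HS256', typ: 'JWT', kid: 'constructed-hmac-kid' }),
  b64url({ iss: 'acme.com' }), 'sig'].join('.');
const RS_TOKEN = [b64url({ alg: 'RS256', typ: 'JWT', kid: 'constructed-rsa-kid' }),
  b64url({ iss: 'acme.com' }), 'sig'].join('.');
const EMPTY_JWKS = { keys: [] };
const RSA_JWKS = { keys: [{ kty: 'RSA', kid: 'constructed-rsa-kid', alg: 'RS256', use: 'sig' }] };

function decodeHeader(jwt) {
  const parts = String(jwt).split('.');
  if (parts.length !== 3) throw new Error('not a compact JWS');
  return JSON.parse(Buffer.from(parts[0], 'base64url').toString('utf8'));
}

// Returns a list of findings. An empty list means the validator should be able
// to locate a key for this token in the given JWKS.
function diagnose(jwt, jwks, expectedAlg = 'RS256') {
  const header = decodeHeader(jwt);
  const keys = (jwks && jwks.keys) || [];
  const findings = [];
  if (header.alg !== expectedAlg) {
    findings.push(`alg is ${header.alg}, validator expects ${expectedAlg}`);
  }
  if (/^HS/.test(header.alg || '')) {
    findings.push('HMAC-signed token: the shared secret is never published in JWKS');
  }
  if (keys.length === 0) {
    findings.push('JWKS contains 0 keys');
  } else if (!keys.some((k) => k.kid === header.kid)) {
    findings.push(`kid ${header.kid} is not present in JWKS`);
  }
  return findings;
}

console.log(diagnose(HS_TOKEN, EMPTY_JWKS)); // three findings
console.log(diagnose(RS_TOKEN, RSA_JWKS));   // no findings
```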
    • RE: 3rd Party Authentication

      @it-contracts Hello. I am pretty new to FusionAuth, but my understanding is that you are taking the correct steps. I am not aware of a way to do this within a single call.

      Are you simply looking to be more efficient with the calls or is there some reason this workflow will not work for you?

      posted in General Discussion
      mark.robustelli
    • Using Analytics to Track Registrations

      What is the best way for analytics tracking after a user has successfully registered?

      posted in Q&A
      mark.robustelli
    • RE: 3rd Party Authentication

      @it-contracts I apologize for misunderstanding your initial question. You and @kash are correct in that by using FusionAuth, it will appear to be one call from your perspective. However, in the background, FusionAuth will still need to make the same amount of calls to the access token. And another nice thing about using FusionAuth is that you will be able to add other identity providers in the same way.

      posted in General Discussion
      mark.robustelli
    • Multi-Region Cloud Setup

      Does FusionAuth support multi-region active-active set-up for cloud services?

      posted in Q&A
      mark.robustelli
    • RE: 3rd Party Authentication

      @it-contracts Can you please share the OAuth settings you have for your application? In the FusionAuth Admin UI select Applications. Select Edit or view for your application. Share the OAuth and JWT settings. Be sure to remove any sensitive information before posting here.

      posted in General Discussion
      mark.robustelli
    • RE: Add User to group not working

      @sandesh Thanks for sharing here on the forum. Hope you are able to accomplish your end goal with the APIs.

      posted in Q&A
      mark.robustelli

    Latest posts made by mark.robustelli

    • RE: Is it safe to build my own authentication system for production?

      @jobcuatoi14, Since I work for FusionAuth, I obviously have a pretty strong opinion on this one. Beyond that, I still have a strong opinion as a developer in general. I will share with you my thoughts so you can take them under consideration.

      I'm not going to tell you what you should and shouldn't do. Everyone's authentication strategy is their own decision. Personally, in general, I would recommend against building your own. Instead of listing reasons, I will pose questions for you to consider so you can come to your own conclusion.

      • Are you a security expert? If not, you will need to implement all the standards. Yes, you can use common libraries, but you will have to always stay up on the latest and greatest. Every day you will need to check for vulnerabilities in every library you use. If something breaks, you will have to stop what you are doing on your core product and fix it. You also mentioned JWTs and there are many other well-known standards out there such as OAuth. Knowing the recipe and executing it are two different things. You may read how to prepare Fugu, but do you really want to do that yourself or leave it to an expert?

      • Is authentication your product? If not, you will have to consider all the time you will be dedicating to authentication as a developer. How much better would your core product be if you spent that time focusing on it?

      • How much time do you have to dedicate to building your own auth? Even with standard libraries, you will have to build a lot. Probably more than you initially thought. I know you talked about using bcrypt for hashing, but are you aware of the concept of using salt with the passwords? If not, I would really recommend not doing it. If you are, that is just one more thing you will have to deal with. You mentioned the forgot password flow, but you will likely need other things like initial registration flow. What about updating user data in general?

      • What features do you need? Of course that comes down to what you are trying to protect. If you are just maintaining your small blog subscription, username and password may work. If it is more sensitive, you may need things like MFA. Will you need to allow social logins? Will you need to enforce password policies? Will you need to support passwordless login? Role Based Authentication?

      • Do you have time to maintain what you build on top of your core product? Once you have it built does not mean you can forget about it. Security is an evergreen process. The consequences of a lapse and impact on your product/company can only be measured by you.

      I could go on and on, but I think for a forum post this gives a pretty good support of my recommendation.

      Whatever issue you have with the other tools you mentioned or even FusionAuth itself, I would challenge you strongly to consider if the issue is easier to deal with than creating the whole system yourself. In my experience, it is usually easier to work around the issue than build your own.

      I can't necessarily speak for the other products you have listed, but if you list some of your concerns with FusionAuth, I may be of some assistance.

      Are you aware FusionAuth has a free Community Edition?

      Also, I would recommend going through a FusionAuth Quickstart in the programming language of your choice to see how easy it is to get started.

      Deciding which authentication to use is not a simple choice. I hope this helped and didn't sound too "salesy".

      I'd love to hear others' thoughts on this as well.

      posted in General Discussion
      mark.robustelli
    • RE: The twoFactorLogin method for the typescript client doesn't return the refreshToken

      @eakpan which FusionAuth client are you using?

      posted in General Discussion
      mark.robustelli
    • RE: The twoFactorLogin method for the typescript client doesn't return the refreshToken

      @eakpan would it be possible for you to share some of the code?

      posted in General Discussion
      mark.robustelli
    • RE: Enquiry Regarding FusionAuth Evaluation and Access Management Capabilities

      @jay-saxophone383 I do believe you can get FusionAuth to work as you described here. Here are some links that may give you a little more detail.

      SAML v2 with ADFS

      OpenID Connect with Azure AD

      Enabling Single Sign-On in an Organization

      Product Update

      As mentioned above, some of the features described are only available with paid plans and if you need to test them out, you will want to contact FusionAuth and see what can be worked out.

      posted in Q&A
      mark.robustelli
    • RE: Enquiry Regarding FusionAuth Evaluation and Access Management Capabilities

      @jay-saxophone383

      Does FusionAuth provide an evaluation license to test its premium features for on premise?

      As far as I know there is no license that allows you to test the premium features. If this is something you are interested in, you may want to reach out to the sales team.

      You can use the public sandbox instance, which has a valid license and access to all premium features. No credit card or account is required. However, be aware that any data you enter is public and the environment is reset regularly, so your changes will not persist.

      Is there something specific (a feature/use case) that you are interested in and how it works?

      Does the solution offer robust capabilities to collect and securely store detailed information about trusted user devices and activities during access management sessions?

      Yes, in addition to general logging there are numerous webhooks that allow you to consume JSON messages emitted from FusionAuth events.

      This information is crucial for tracking audit trails and performing analytics, particularly in the following areas:

      a) Device Information
          i) Various device types and models

      Yes

      ii) Popular operating systems across desktop and laptop platforms (e.g., Windows, macOS, Linux, ChromeOS) and mobile platforms (e.g., Android, iOS, others)

      Yes

      iii) Security posture details, such as antivirus software and posture checks

      I'm not sure what you mean with this question. FusionAuth does have Advanced Threat Detection available. Is that what you are talking about?

      b) Comprehensive Reporting
          Ability to track all access management activities, including login times, accessed resources, actions performed, user activity patterns, and associated geographic locations

      FusionAuth has a few views you can look at to see such information (like the dashboard below), but between the webhooks and API access you should be able to collect, organize and view the data the way you would need to.

      This is an example of the dashboard with some of the advanced features enabled.

      Screenshot 2025-05-27 at 11.17.42 AM.png

      Here is an example from a successful login webhook.

      {
        "event" : {
          "applicationId" : "3c219e58-ed0e-4b18-ad48-f4f92793ae32",
          "authenticationType" : "PASSWORD",
          "connectorId" : "e3306678-a53a-4964-9040-1c96f36dda72",
          "createInstant" : 1747952916005,
          "id" : "fbeb32bc-0a98-4835-800e-7b0b5aa75523",
          "info" : {
            "deviceName" : "macOS Chrome",
            "deviceType" : "BROWSER",
            "ipAddress" : "192.168.147.1",
            "userAgent" : "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36"
          },
          "ipAddress" : "192.168.147.1",
          "linkedObjectId" : "00000000-0000-0000-0000-000000000001",
          "tenantId" : "d7d09513-a3f5-401c-9685-34ab6c552453",
          "type" : "user.login.success",
          "user" : {
            "active" : true,
            "birthDate" : "1981-06-04",
            "connectorId" : "e3306678-a53a-4964-9040-1c96f36dda72",
            "data" : {
              "favoriteColor" : "chartreuse"
            },
            "email" : "admin@example.com",
            "firstName" : "Dinesh",
            "id" : "00000000-0000-0000-0000-000000000001",
            "insertInstant" : 1736377123822,
            "lastLoginInstant" : 1747952916005,
            "lastName" : "Chugtai",
            "lastUpdateInstant" : 1746139865421,
            "memberships" : [ ],
            "passwordChangeRequired" : false,
            "passwordLastUpdateInstant" : 1746139893637,
            "preferredLanguages" : [ ],
            "registrations" : [ {
              "applicationId" : "ec526002-35cc-4e6e-8f5b-0e4fba2b08c8",
              "data" : { },
              "id" : "b2e3f755-1b1f-44f5-92ff-e6a41fa3eb12",
              "insertInstant" : 1745098563132,
              "lastLoginInstant" : 1745279910748,
              "lastUpdateInstant" : 1745098563132,
              "preferredLanguages" : [ ],
              "roles" : [ ],
              "tokens" : { },
              "usernameStatus" : "ACTIVE",
              "verified" : true,
              "verifiedInstant" : 1745098563132
            }, {
              "applicationId" : "3c219e58-ed0e-4b18-ad48-f4f92793ae32",
              "data" : { },
              "id" : "53635379-6b65-47c0-a593-579f1e0340ec",
              "insertInstant" : 1736377123867,
              "lastLoginInstant" : 1747952916005,
              "lastUpdateInstant" : 1736377123867,
              "preferredLanguages" : [ ],
              "roles" : [ "admin" ],
              "tokens" : { },
              "usernameStatus" : "ACTIVE",
              "verified" : true,
              "verifiedInstant" : 1736377123867
            } ],
            "tenantId" : "d7d09513-a3f5-401c-9685-34ab6c552453",
            "twoFactor" : {
              "methods" : [ ],
              "recoveryCodes" : [ ]
            },
            "usernameStatus" : "ACTIVE",
            "verified" : true,
            "verifiedInstant" : 1736377123822
          }
        }
      }
      

      Hope this answers your questions.

      posted in Q&A
      mark.robustelli
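
The audit-trail use described in the post above, as an added example that is not part of the original post and is not FusionAuth code: it flattens a `user.login.success` webhook body into one audit record. `SAMPLE_EVENT` is a trimmed copy of the payload shown above. `PRIVILEGED_ROLES`, the flag name, and reading an empty `twoFactor.methods` list as "no MFA method configured" are assumptions made for the illustration.

```javascript
// Added example: turn a user.login.success webhook body into an audit record.
// PRIVILEGED_ROLES and the flag name are assumptions, not FusionAuth settings.
const PRIVILEGED_ROLES = new Set(['admin']);

// Trimmed copy of the payload shown in the post.
const SAMPLE_EVENT = {
  event: {
    applicationId: '3c219e58-ed0e-4b18-ad48-f4f92793ae32',
    authenticationType: 'PASSWORD',
    createInstant: 1747952916005,
    id: 'fbeb32bc-0a98-4835-800e-7b0b5aa75523',
    info: { deviceName: 'macOS Chrome', deviceType: 'BROWSER', ipAddress: '192.168.147.1' },
    ipAddress: '192.168.147.1',
    tenantId: 'd7d09513-a3f5-401c-9685-34ab6c552453',
    type: 'user.login.success',
    user: {
      id: '00000000-0000-0000-0000-000000000001',
      email: 'admin@example.com',
      registrations: [
        { applicationId: 'ec526002-35cc-4e6e-8f5b-0e4fba2b08c8', roles: [] },
        { applicationId: '3c219e58-ed0e-4b18-ad48-f4f92793ae32', roles: ['admin'] },
      ],
      twoFactor: { methods: [], recoveryCodes: [] },
    },
  },
};

function toAuditRecord(body) {
  const ev = body && body.event;
  if (!ev || ev.type !== 'user.login.success' || !ev.user) {
    throw new Error('not a user.login.success event');
  }
  const info = ev.info || {};
  // Roles are per application: use the registration for the app that was logged into.
  const reg = (ev.user.registrations || []).find((r) => r.applicationId === ev.applicationId);
  const roles = (reg && reg.roles) || [];
  const mfaEnrolled = ((ev.user.twoFactor || {}).methods || []).length > 0;
  const flags = [];
  if (roles.some((r) => PRIVILEGED_ROLES.has(r)) && !mfaEnrolled) {
    flags.push('privileged-login-without-mfa');
  }
  // Email and profile fields are left out on purpose; the user id is enough to join on.
  return {
    eventId: ev.id,
    at: new Date(ev.createInstant).toISOString(),
    tenantId: ev.tenantId,
    applicationId: ev.applicationId,
    userId: ev.user.id,
    ip: info.ipAddress || ev.ipAddress || null,
    deviceType: info.deviceType || null,
    deviceName: info.deviceName || null,
    authenticationType: ev.authenticationType,
    roles,
    flags,
  };
}

console.log(JSON.stringify(toAuditRecord(SAMPLE_EVENT), null, 2));
```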
    • RE: Getting 403 : disallowed_useragent with Google Auth

      @robin-singh said in Getting 403 : disallowed_useragent with Google Auth:

      We have android/iOS app where authentication redirects to fusionauth login page.
      And here we have Facebook/Google login setup.
      Facebook and native login is working fine but with Google login getting Error 403: disallowed_useragent.

      Is there any way to directly open sign in for google which will send data to fusion auth only.

      Are you trying to open the login in your application? Maybe try to use the system browser to open the Google login and see if that works. Google disallows OAuth login flows inside embedded web views (like those used in many mobile apps).

      posted in Q&A
      mark.robustelli
    • RE: Cancel a Previously Taken Action

      @d-chinguun-0301 No problem. Glad you figured it out. No need for apologies, if you were confused others may be as well. Now when they search here, they will have an answer. Have a great one

      posted in Q&A
      mark.robustelli
    • RE: Cancel a Previously Taken Action

      @d-chinguun-0301 can you give us some example code of what you are trying to do? What API are you using and how are you trying to cancel the call?

      posted in Q&A
      mark.robustelli
    • RE: Encountering certificate issue causing customers to be locked out

      If you need help in a non-public forum and you have a paid plan which includes technical support, please open a ticket via your account portal.

      If you don't have a paid plan and still want the private support, please check out the Essentials Plan. You will get private email support with that.

      posted in General Discussion
      mark.robustelli
    • RE: Encountering certificate issue causing customers to be locked out

      @john-spellman, Can you let us know a bit more about how you created the key? Which option did you choose to import? Which certificate type did you use? You could try different types.

      Anything you can tell us about which Identity Provider you created and what the architecture looks like will help. Is FusionAuth the IdP/SP or both?

      Also, if you can share the settings of your SAML tab for the application (without sharing secrets), that may give us some insight into the issue as well, if you are using FusionAuth as an IdP.

      I don't have a ton of experience with importing certificates, so if anyone out there knows better, please feel free to chime in.

      I have set up a key for a SAML provider before and used an RSA/RS256 type key. I generated that key with FusionAuth, but I don't see any reason you couldn't import the key you need.

      You may want to check out this blog to test a simple SAML configuration if your situation reflects the setup.

      posted in General Discussion
      mark.robustelli