RE: Implementing GitHub-like "Personal Access Tokens"

@mou, Is this what you are looking for? https://fusionauth.io/docs/lifecycle/authenticate-users/application-authentication-tokens

@kiouplidis I found this in the documentation.

In version 1.50.0 and later, the UserInfo response can be customized with a lambda using the oauthConfiguration.userinfoPopulateLambda value of the application object. See UserInfo populate lambda.

In FusionAuth, you can add custom data to the oauth2/userinfo endpoint response using a Lambda function. This function can add extra claims to the UserInfo response. Here's an example of a simple Lambda function that adds a few extra claims:

function populate(userInfo, user, registration, jwt) {
  // Add a new claim named 'favoriteColor' from a custom data attribute on the user
  userInfo.favoriteColor = user.data.favoriteColor;
  // Add a new claim named 'dept' using a custom data attribute on the registration
  userInfo.dept = registration.data.departmentName;
  // Copy a claim named 'applicationId' from the provided JWT
  userInfo.applicationId = jwt.applicationId;
  // Create an event log of type 'Debug' when the lambda has Debug enabled
  console.debug('Added custom claims to the UserInfo response');
}

In this example, the favoriteColor and dept are custom claims added to the UserInfo response. These claims are derived from the custom data attributes on the user and registration respectively.
Please note that the Lambda function needs to be assigned to an application in FusionAuth for it to take effect.

Hello @yuval,
I'm not very familiar with Salesforce but when taking a look at the guide there is a step that says "Scroll down to the Salesforce Configuration section and open the address from Test-Only Initialization URL in an incognito window.". What do you see when you try that?

If you are not getting that information, can you please describe in a little more detail what steps you have taken and when you receive the above message about the invalid iss?

I am running through the Integrate Your .NET 7 Application With FusionAuth quickstart guide and encountered the error listed below.

I think it has to do with following message in the guide:
The script set up a RS256 asymmetric signing key. FusionAuth supports this signing algorithm, but doesn't ship with a default key.

How do I add the required key to FusionAuth?

Error Message:
An unhandled exception occurred while processing the request.
SecurityTokenSignatureKeyNotFoundException: IDX10501: Signature validation failed. Unable to match key:
kid: '236bb45e-e88c-4f07-87ff-c93d6fb752a2'.
Number of keys in TokenValidationParameters: '0'.
Number of keys in Configuration: '0'.
Exceptions caught:
''.
token: '{"alg":"HS256","typ":"JWT","gty":["authorization_code"],"kid":"236cc45e-e88c-4f07-87ff-c93d6fb752a2"}.{"aud":"236bb45e-e88c-4f07-87ff-c93d6fb752a2","exp":1687312521,"iat":1687308921,"iss":"acme.com","sub":"e5e4a956-0f9d-4bec-9121-dededb20e00f","jti":"ca5d3d30-ef26-4e48-afcb-d5ba670ac2d4","authenticationType":"PING","email":"myemail@email.com","email_verified":true,"at_hash":"ANWNkB4EA34d0cr1A50zQg","c_hash":"eCEeL-bgcDFkzcpmNT5k9g","scope":"openid profile","nonce":"634229057201762476.ZDQ1NzEzZWMtM2M4OS00ODgxLWI3ZmEtNjJhZWY0MzhlOWYzN2I4ODdhNmQtYTI2OS00OTc0LThhOWEtYzc2OGEzYmIzN2M3","sid":"4fe9dcc0-1ce9-4819-a97a-47c38cb730b8","auth_time":1687308921,"tid":"a51e69f7-520b-6860-2d33-d1e12f797af9"}'.

@it-contracts Hello. I am pretty new to FusionAuth, but my understanding is that you are taking the correct steps. I am not aware of a way to do this within a single call.

Are you simply looking to be more efficient with the calls or is there some reason this workflow will not work for you?

What is the best way for analytics tracking after a user has successfully registered?

@it-contracts I apologize for misunderstanding your initial question. You and @kash are correct in that by using FusionAuth, it will appear to be one call from your perspective. However, in the background, FusionAuth will still need to make the same amount of calls to the the access token. And another nice thing about using FusionAuth is that you will be able to add other identity providers in the same way.

Does FustionAuth support multi-region active-active set-up for cloud services?

@it-contracts Can you please share the OAuth settings you have for your application? In the Fusion Auth Admin UI select Applications. Select Edit or view for your application. Share the OAuth and JWT settings. Be sure to remove any sensitive information before posting here.

@sandesh Thanks for sharing her on the forum. Hope you are able to accomplish your end goal with the APIs.

@david-cuen Thanks for your patience and dedication to seeing this through. It would help a ton if you could find something reproducible. Let me know what you find and I can continue to try it on this end.

@david-cuen This is really weird. I was not able to replicate it. There is one more thing I may try later if I get some time. That is to make one template that big and try that.

In the mean time, I went back to look at the error message. "Premature EOF" and the fact that it was working on a windows box has be back to believing that a funky character or something is causing the error on the linux box. I wish we could narrow it down. Have you tried to install into another linux environment, EC2 for example, and see if you get the same issue? (That may tell us if it is a linux thing or if it is your one specific environment.) Also, someone mentioned to ask if you have any proxies running in front of FusionAuth?

@david-cuen I wasn't able to find much else out on Friday. Awesome that it looks like you have it narrowed down to the size. I will try to replicate this. I will let you know if I can.

@tim-clark Can you please point to the community discussion where this comes up? I could not find it in the issues.

@david-cuen sorry for the delayed response. I was unexpectedly out. Thanks for trying to dig a bit deeper. The message you definitely leads me to believe that it is either a specific theme or as you said a size thing. Both are a bit confusing to me as the size you mentioned for your themes does not seem that bit and you stated that you tried loading the themes in different orders and that did not seem to make a difference. I will see if I can dig a little deeper on these error messages and see if there is anything I can find.

@david-cuen Goodnews and badnews. The goodnews is that I imported the exact theme you pointed to and was able to copy that 11 times and not issues. My environment now has 26 themes. The badnews is that is not helping you. Sorry. I think we need to dig a little further. Based on the additional pages you mentioned (adding/editing tenant/application) I am wondering if something specific with the edits you have made to the themes. The fact that you change the order they are loaded in makes that less likely though. What are the sizes of the tpl folders for your themes?

@hemanth18pages raising the support ticket is the way to go for sure. It will be good to know if anyone else is experiencing this too.

@david-cuen perfect. I was copying themes, but will us that one and let you know what I find.

@david-cuen OK, I was able to get more than 10, but you're right about it possibly being the size. Is it possible for you to share the theme you are using with us or me individually? I don't want you to give away any secrets, proprietary info or share anything private if you can't but getting a look at the theme may help.

@bernardo-munz Did you play with the SameSite setting?