I've got 28 users. queryString=* only returns 25

Re: Retrieving all users

http://fusionauth:9011/api/user/search/?queryString=*

When I use a specific query string (e.g., "Victor") it finds two users by that name, so I know they are searchable (apart from being visible in the admin GUI).

But when I use the asterisk some user records aren't returned.

It even reports the correct number:

Tried using JSON request body - same result.

UPD: deleted some users, now I have 25 users and the search returns 25 users. Looks like a limitation somewhere.

Ideas?

Should've RTFM first.

numberOfResults

Re: Retrieving all users

http://fusionauth:9011/api/user/search/?queryString=*

When I use a specific query string (e.g., "Victor") it finds two users by that name, so I know they are searchable (apart from being visible in the admin GUI).

But when I use the asterisk some user records aren't returned.

It even reports the correct number:

Tried using JSON request body - same result.

UPD: deleted some users, now I have 25 users and the search returns 25 users. Looks like a limitation somewhere.

Ideas?

Should've RTFM first.

numberOfResults

Thank you! I tried it once, didn't work properly.

So tried it again now.

I copied the FusionAuth theme, then went to edit the new one, on to OAuth authorize and deleted most stuff. Here's what's left after </script>:

  [@helpers.body]

    [@helpers.header]
      [#-- Custom header code goes here --]
    [/@helpers.header]


    [@helpers.main title=theme.message('login')]
      
      [@helpers.alternativeLogins clientId=client_id identityProviders=identityProviders passwordlessEnabled=passwordlessEnabled/]
    [/@helpers.main]

    [@helpers.footer]
      [#-- Custom footer code goes here --]
    [/@helpers.footer]

  [/@helpers.body]
[/@helpers.html]

Then in tenants - general - login theme I swapped the Fusionauth theme for the new one. Ok, logging in...

Now I do get a (more or less) the screen I wanted. I'd prefer no "--- or ---" but ok:

But after confirming the login via google/apple I get this:

Changing the theme back fixes the problem.

I have apple/google registration and logging in working. I don't need anything else - no login/password, no magic link, etc - just need apple/google.

How do I remove the highlighted bit from my app login screen?

Thanks!

@robotdan said in Identity Provider with no email?:

Each of these IdPs can be assigned a Reconcile Lambda, a default lambda is provided with FusionAuth that you can use and modify.

I'm using the default lambda. And it does NOT return "name/fullname" as I mentioned earlier. Google and Twitter do return "name/fullname".

Here's how Apple Identity provider is set up:

I played with it more and found this:

1. Login with Apple sometimes works, sometimes doesn't. It looks like users with emails that are not known to my FusionAuth are fine. But existing emails are not.

2. When a new user is successfully registered via Google or Twitter (didn't try other providers) all there fields are returned by /oauth2/userinfo: 'given_name', 'family_name', and 'name'. And consequently the FusionAuth database has all three: 'firstName', 'lastName', and 'fullName'.

However, when a new user is onboarded via the Apple plugin, the user is missing 'name' as returned by /oauth2/userinfo, and 'FullName' is also missing from the database.

@dan here's the message:

An email address was not provided for the user. This account cannot be used to log in, unable to complete this login request.

debug is enabled, but I have no idea where to look for logs - under docker the log that is seen in e.g. Portanier is only showing some older warnings:

WARNING: Please consider reporting this to the maintainers of org.apache.ibatis.reflection.Reflector WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations WARNING: All illegal access operations will be denied in a future release

Another interesting thing: of two of my friends who tried it, one was able to log in, and Apple even asked him if he wanted to hide his real email address. The other one got the same message that I'm getting.

Checked again. Here's the screenshot:

Apple authentication is done, back to FusionAuth, and still

An email address was not provided for the user. This account cannot be used to login, unable to complete this login request.

I can't really debug inside Docker - the Portainer->log only shows an irrelevant error that happened ages ago:

`
26-Sep-2020 13:55:07.670 INFO [http-nio-9011-exec-2] org.apache.tomcat.util.http.Parameters.processParameters Invalid chunk starting at byte [172] and ending at byte [173] with a value of [=] ignored

Note: further occurrences of Parameter errors will be logged at DEBUG level.

WARNING: An illegal reflective access operation has occurred

WARNING: Illegal reflective access by org.apache.ibatis.reflection.Reflector (file:/usr/local/fusionauth/fusionauth-app/web/WEB-INF/lib/mybatis-3.4.6.jar) to field java.util.UUID.serialVersionUID

WARNING: Please consider reporting this to the maintainers of org.apache.ibatis.reflection.Reflector

WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations

WARNING: All illegal access operations will be denied in a future release`

Is 'login with Apple' working right now? I get the above mentioned error with different accounts. I followed the instruction here - maybe it's a bit out of date?

I don't get asked by Apple whether I want to give my real or fake email, so FusionAuth must not be asking for it?

Apple dev doc says:

To request user information in the id_token (assuming you are requesting via the /auth/authorize REST API), you’ll need to include the scope query parameter, which supports the values—name and email. You can request one, both, or none.
Note: Use space separation and percent-encoding for multiple scopes; for example, “scope=name%20email”.

...

If you request the user’s verified email address, Sign in with Apple prompts the user for it, to share with your app. The user may choose to share their real email address or an anonymous one that uses the private email relay service. In both cases, Apple verifies that the email address works and is ready for use.

Thanks!

@dan said in Telegram bot user authentication:

What is the client that is going to be checking that state value?

I'm doing all my quick-and-dirty MVP stuff in node-red - however, finding a working encryption node suddenly proves to be a problem

@dan thank you so much for pointing out "user.data". I'll incorporate it into my design.

speaking of user.data - I tried using PATCH, and it works, however - when one of the fields is an array, data is constantly added to it.

{
    "user": {
        "data": {
            "telegram_chat_id": 10101010101,
            "cameras": [
                {
                    "mac": "AA-3F-A1-00-00-00",
                    "name": "neocam1"
                },
                {
                    "mac": "FF-3F-A1-00-00-00",
                    "name": "neocam2"
                }
            ],
            "disarmed": 0
        }
    }
}

so after the first PATCH I've got 2 cameras, after the second PATCH I've got 4, etc.

Is this by design?

As to 'state' - I'm thinking about passing an encrypted string and decrypt it when it's back.