RE: Form Field verification strategy still sends a link for verification

Seems like it doesn't work until the gated unverified behavior feature is enabled.

Although this is confusing because FusionAuth accepts my new form field verification strategy setting but just ignores it.

Hi,
I chose the Form Field verification strategy in tenant settings and also checked the email template to make sure it's correct but the email is still sent with a link, not a one-time code.
What could be the problem here?

Thank you

Hi,
Emails from FusionAuth are being spammed or bounced back by some email providers because of missing the "Date" header. Can this header be configured?

Hi,

I sent many emails to newly registered users to either set their password (if they haven't provided it in our registration form) or only verify their email.

An issue happened with our email service provider and some of the emails were not sent and now I have to check if users already have a password (to only send them a verification email) or if they still haven't set their password (to send them a password set email).

I checked the value of "passwordChangeRequired" field of the users and none of them were true, which I believe it has to be for users who have been sent a password set email but they still haven't set it. Because it is required for them to change their password anyway, otherwise they wouldn't be able to login.

Can anyone help me with this issue?

FusionAuth version: 1.27.2

Seems like the library I used is opinionated. Thanks for the hints.

Hi,
I tried to validate a JWT access token issued by a FusionAuth server instance in Python with Simple JWT but got the error:

rest_framework_simplejwt.exceptions.TokenError: Token has no type

The library expects a key token_type (configurable) with a value of access in the token's payload but FusionAuth does not include such in its tokens. Does anyone have any idea what's wrong here?

@robotdan Also, it was actually me who opened the mentioned issue.

In FusionAuth, the access token is always a JWT.

That's what I got wrong then. I thought that if I disable JWT in an application, then FusionAuth will issue some other type of access token. Now it's clear.
Thank you.

No problem. But I'm asking about non-JWT access tokens. What about those?

As I have understood, if the issued access token is not of type JWT, then the token's validity must be checked with the FusionAuth server for each user request.
But seems like none of the client libraries have implemented this endpoint (at least Python and Javascript haven't) and the conclusion I get is that this endpoint is not as essential as I thought.
Also saw that even the Python's requests_oauthlib library has not implemented this endpoint in it's OAuth2 session implementation.
So I'm a bit confused whether it's actually necessary to call this endpoint or not. Can anyone explain the protocol a bit?