Adding support for 3rd party clients authentication

Our app exposes some APIs that can be consumed by our clients, where each client has multiple users (who are, of course, authenticated using FusionAuth). We want to be able to provide a way for them to have register their apps and have their own client ID/secret so that they can make some api calls (we understand that we might have to create some UI to support this). Think of how we can register our apps with GitHub.

Is there a way to support this use case in FusionAuth? The only way I could think of even getting started is by making an api call to add new Application but my head started spinning thinking of the next steps? Any suggestions on how to get started? Or opinion on if this is even supported?

Thank you!

That makes sense. Thanks @dan!

Is there an "automatic" way to register a user to a different application, say, a mobile app, when they register for, say, a web app? Or do we have to do that at the application level using an API?

Ahh! So leave out encryptionScheme, factor, and salt and set password to a 32 bytes random password. Makes sense. Thank you!

Out of curiosity, "then FusionAuth will hash the password inline before it stores the value". What determines a non-hashed password? The absence of salt?

@dan It does! We are trying it out today to see if it works or not. I'll report back. Thank you so much for jumping on it and coming up with a solution.

What's a good way to generate a URL that would take a user directly to the registration page (bypassing the login page) and with a redirect URL? It's an ASP .NET Core app. Do I need to use an API or is there a more "direct" way?

I feel like this has been asked and answered before but my search fu failed me.

I totally forgot to add the register the user manually to the FusionAuth application. It is working now, thank you!

Is it possible to have multiple admins on a single FusionAuth instance? I created an "admin" group with all the permissions selected and then added a new user to this group. When I tried to login using this new user, I get this message

Your account does not have permissions to access the FusionAuth Admin Interface. Please contact your system administrator.

That's exactly what I ended up using (by adding it as a custom claim in a lambda function)

function populate(jwt, user, registration) {
  jwt.provider = Object.keys(registration.tokens)[0];
}

. The only problem is that I don't seem to be able to pass all the tokens and then "map" it out in the backend. Also, I think I already know the answer to this and this may sound dumb, but how can you have multiple tokens? A user with multiple providers? If so, how are they consolidated and combined?

Lastly, it would have been nice if user.registrations had a providers field.

Thanks for the reply @dan.
We ended up storing sub ID on our side. We thought that might gives us more flexibility down the road (not sure about this but if it doesn't work then we'll have an extra column in the db; a small price to pay IMHO).

"Where to map the ID?" was a bit headache for us as we didn't want to miss it or make an extra call by polling ourselves. Since we are using .NET Core, we ended up hooking into OnUserInformationReceived event, one of many from OpenIdConnectEvents. Hopefully, I'm not doing something really stupid.

Is there a way to know what provider a user has used to register their account? I'm mainly looking that in the (custom) claims but I don't see it in the admin panel either.

Hi,
We have an internal table for storing user information which much more columns. How does one go about mapping them? I can think of adding a new column in our table something like fusion_auth_id to save FA's id or use a claim field in FA to save our ID. Is there a better way? Also, our registration is self served and we don't plan to use registration API. Given that, where should we "map" the ID? Using a webhook?

Thank you!