I'd like to update the user data object in the UI. I know I can do it via the API: https://fusionauth.io/docs/v1/tech/apis/users
dan
@dan
Developer Advocate at FusionAuth.
46
Reputation
504
Posts
25
Profile views
1
Followers
0
Following
Best posts made by dan
-
Is there a way to update user data in the UI?posted in Q&A
-
Can I configure the inactivity timeout of the FusionAuth Session cookie?posted in Q&A
I have a quick question about FusionAuth and configuring the inactivity timeout of the session cookie it creates. Specifically... Is it possible?
-
Seeking users of FusionAuth to take a surveyposted in Announcements
Heya FusionAuth Users!
Got a minute to share your experience with the FusionAuth platform?
Please take this short Capterra survey.
You'll help improve the software and the first 100 eligible reviewers will get a $20 gift card.
-
Unable to create a registration using the .NET core clientposted in Q&A
Hiya,
I'm unable to create a user registration using the .NET client libraries: https://fusionauth.io/docs/v1/tech/client-libraries/netcore
I have verified that the API key is basically a super user. I've verified that I'm sending the registration object. I've tried twiddling different properties (verified, insertInstant) and made sure that the application exists. I've added the a user registration to the application manually and it works. Creating a user and setting the userdata works just fine. It just seems like the registration isn't working.
I looked in https://github.com/FusionAuth/fusionauth-netcore-client/issues and https://github.com/FusionAuth/fusionauth-issues/issues but didn't see any relevant issues.
Here's my code so far (you can run it with
fusionauth_api_key=<key> dotnet.exe run -- foo@foo5.com bluepass123 blue)$ cat usermanager.csproj <Project Sdk="Microsoft.NET.Sdk"> <PropertyGroup> <OutputType>Exe</OutputType> <TargetFramework>netcoreapp3.1</TargetFramework> </PropertyGroup> <ItemGroup> <PackageReference Include="FusionAuth.Client" Version="1.15.7" /> <PackageReference Include="JSON.Net" Version="1.0.18" /> </ItemGroup> </Project>$ cat Program.cs using System; using io.fusionauth; using io.fusionauth.domain; using io.fusionauth.domain.api; using System.Collections.Generic; using Newtonsoft.Json; namespace usermanager { class Program { private static readonly string apiKey = Environment.GetEnvironmentVariable("fusionauth_api_key"); private static readonly string fusionauthURL = "http://localhost:9011"; private static readonly string tenantId = "66636432-3932-3836-6630-656464383862"; static void Main(string[] args) { if (args.Length != 3) { Console.WriteLine("Please provide email, password and favorite color."); Environment.Exit(1); } string email= args[0]; string password = args[1]; string favoriteColor = args[2]; FusionAuthSyncClient client = new FusionAuthSyncClient(apiKey, fusionauthURL, tenantId); User userToCreate = new User(); userToCreate.email = email; userToCreate.password = password; Dictionary<string, object> data = new Dictionary<string, object>(); data.Add("favoriteColor", favoriteColor); userToCreate.data = data; UserRegistration registration = new UserRegistration(); registration.applicationId = Guid.Parse("4243b56f-0b45-4882-aa23-ac75eea22d22"); registration.verified = true; registration.insertInstant = DateTimeOffset.UtcNow; var registrations = new List<UserRegistration>(); registrations.Add(registration); userToCreate.registrations = registrations; UserRequest userRequest = new UserRequest(); userRequest.sendSetPasswordEmail = false; userRequest.user = userToCreate; string u = JsonConvert.SerializeObject(userRequest); Console.WriteLine(u); var response = client.CreateUser(null, userRequest); string json = JsonConvert.SerializeObject(response); Console.WriteLine(json); if (response.WasSuccessful()) { var user = response.successResponse.user; Console.WriteLine("retrieved user with email: "+user.email); } else if (response.statusCode != 200) { var statusCode = response.statusCode; Console.WriteLine("failed with status "+statusCode); } } } }
-
New website!posted in Release
We just released an overhaul of the website: https://fusionauth.io/ which includes a new look for the API docs: https://fusionauth.io/docs/v1/tech/
-
RE: What happens after asymmetric key expiration?posted in Q&A
Well, since we're talking about behavior based on a fix that isn't written yet, things are a bit theoretical.
Here's one approach we'd consider. An expired key pair cannot be used to sign a JWT, so we would either have to generate a new key pair ahead of the expiration, or start failing login operations. The former is a better user experience, so a user will either have to regenerate the key, or we would do it based upon a configured policy.
Also, wanted to be clear that we are aware of this limitation, which is why we set the default expiration period to 10 years (so we have a bit of time to solve this in the best way possible).
Hope this helps. Let me know if you don't have the information you need.
-
RE: Multi User Accountsposted in General Discussion
Ah, you may want to review https://fusionauth.io/docs/v1/tech/apis/identity-providers/samlv2#overview and https://fusionauth.io/docs/v1/tech/identity-providers/samlv2/ (and the similar pages for the OIDC and JWT identity providers). We provide support for domain based identity providers for SAML, JWT and OIDC identity providers.
Latest posts made by dan
-
RE: Error setting up FusionAuth free versionposted in Q&A
Great! If you end up sticking with mysql, make sure you check out this:
and the
database.mysql.enforce-utf8mb4section of https://fusionauth.io/docs/v1/tech/reference/configuration
-
RE: Email verification not working with apiposted in Q&A
Hiya,
What version of FusionAuth are you using?
-
RE: Error setting up FusionAuth free versionposted in Q&A
Hiya,
The minimum version of mysql for FusionAuth is 5.7.9. This and other system requirements are documented here: https://fusionauth.io/docs/v1/tech/installation-guide/system-requirements
Any chance you can upgrade mysql or use postgresql 9.5+?
-
RE: Does FusionAuth support OAuth 2.1?posted in Q&A
Yes and no. Since OAuth 2.1 isn't released yet (though the working group seems to be getting pretty close) no one can "support" it yet. This is the draft specification right now: https://tools.ietf.org/html/draft-ietf-oauth-v2-1-00
This blog post examines some of the changes and how FusionAuth is set up to handle them: https://fusionauth.io/blog/2020/04/15/whats-new-in-oauth-2-1#can-you-use-oauth-21-right-now
-
RE: Implementing a Role-Based Access System for Authorizationposted in Q&A
Ah, I just tested this out and if you don't need it in the JWT, you should be able to see it in the registrations object returned after login.
Here's a response I get after logging in:
{ "token": "ey...", "user": { "active": true, "connectorId": "e3306678-a53a-4964-9040-1c96f36dda72", "email": "email@example.com", "id": "2df13f18-01cc-48a4-b97a-2ab04f98d006", "insertInstant": 1592857899119, "lastLoginInstant": 1596819645662, "lastUpdateInstant": 0, "passwordChangeRequired": false, "passwordLastUpdateInstant": 1592857899145, "registrations": [ { "applicationId": "78bd26e9-51de-4af8-baf4-914ea5825355", "id": "73d2317b-d196-4315-aba2-3c205ed3ccae", "insertInstant": 1592857899151, "lastLoginInstant": 1592857899153, "lastUpdateInstant": 1596813810104, "roles": [ "Role1" ], "usernameStatus": "ACTIVE", "verified": true } ], "tenantId": "1de156c2-2daa-a285-0c59-b52f9106d4e4", "twoFactorDelivery": "None", "twoFactorEnabled": false, "usernameStatus": "ACTIVE", "verified": true } }So
user.applicationId.rolesis what you want. Note that roles are applied on an application by application basis. If a user is in a group which has a role 'roleA' which is created in 'applicationA', but is not registered for 'applicationA', they won't receive that role. More on that here: https://fusionauth.io/docs/v1/tech/core-concepts/groups
-
RE: Implementing a Role-Based Access System for Authorizationposted in Q&A
Hmmm. The easiest way to do this is to use the JWT populate lambda to put the roles in the JWT.
https://fusionauth.io/docs/v1/tech/lambdas/jwt-populate
I'd use a lambda like this:
function populate(jwt, user, registration) { if (registration && registration.roles) { jwt.roles = registration.roles; } }This should include any group roles if the user is a member of the group and is registered to the application the roles are defined in.
Then when whatever is consuming the JWT examines it, they should see the roles as an array in the JWT, and can check there.
Sorry if that isn't clear. Does that do what you want?
PS I'd also recommend upgrading to 1.18.5. Lots of bugs fixed in this release.
-
RE: Token difference when account hasn't been verifiedposted in Q&A
The JWT (
id_tokenoraccess_token) will contain theemail_verifiedclaim with a value oftrueorfalse, so if you wish to limit privilege based upon this state, that would be a good way to do it.
-
Token difference when account hasn't been verifiedposted in Q&A
I have a question about account verification: is the only difference between an account which is verified and one which is not that the
id_tokenreturned for the unverified user will haveemail_verifiedset tofalsein the JWT?This is relevant because we might want to disable functionality until the user has been verified.