Is there a way to update user data in the UI?

I'd like to update the user data object in the UI. I know I can do it via the API: https://fusionauth.io/docs/v1/tech/apis/users

I have a quick question about FusionAuth and configuring the inactivity timeout of the session cookie it creates. Specifically... Is it possible?

Can you run FusionAuth in Kubernetes?

Heya FusionAuth Users!

Got a minute to share your experience with the FusionAuth platform?

Please take this short Capterra survey.

You'll help improve the software and the first 100 eligible reviewers will get a $20 gift card.

We just released an overhaul of the website: https://fusionauth.io/ which includes a new look for the API docs: https://fusionauth.io/docs/v1/tech/

https://blog.bettyblocks.com/5-ways-betty-blocks-protects-your-company-data

Hiya,

I'm unable to create a user registration using the .NET client libraries: https://fusionauth.io/docs/v1/tech/client-libraries/netcore

I have verified that the API key is basically a super user. I've verified that I'm sending the registration object. I've tried twiddling different properties (verified, insertInstant) and made sure that the application exists. I've added the a user registration to the application manually and it works. Creating a user and setting the userdata works just fine. It just seems like the registration isn't working.

I looked in https://github.com/FusionAuth/fusionauth-netcore-client/issues and https://github.com/FusionAuth/fusionauth-issues/issues but didn't see any relevant issues.

Here's my code so far (you can run it with fusionauth_api_key=<key> dotnet.exe run -- foo@foo5.com bluepass123 blue)

$ cat usermanager.csproj
<Project Sdk="Microsoft.NET.Sdk">

  <PropertyGroup>
    <OutputType>Exe</OutputType>
    <TargetFramework>netcoreapp3.1</TargetFramework>
  </PropertyGroup>

  <ItemGroup>
    <PackageReference Include="FusionAuth.Client" Version="1.15.7" />
    <PackageReference Include="JSON.Net" Version="1.0.18" />
  </ItemGroup>

</Project>

$ cat Program.cs
using System;
using io.fusionauth;
using io.fusionauth.domain;
using io.fusionauth.domain.api;
using System.Collections.Generic;
using Newtonsoft.Json;

namespace usermanager
{
    class Program
    {
        private static readonly string apiKey = Environment.GetEnvironmentVariable("fusionauth_api_key");
        private static readonly string fusionauthURL = "http://localhost:9011";

        private static readonly string tenantId = "66636432-3932-3836-6630-656464383862";
        static void Main(string[] args)
        {
            if (args.Length != 3) {
                Console.WriteLine("Please provide email, password and favorite color.");
                Environment.Exit(1);
            }
            string email= args[0];
            string password = args[1];
            string favoriteColor = args[2];

            FusionAuthSyncClient client = new FusionAuthSyncClient(apiKey, fusionauthURL, tenantId);
            User userToCreate = new User();
            userToCreate.email = email;
            userToCreate.password = password;
            Dictionary<string, object> data = new Dictionary<string, object>();
            data.Add("favoriteColor", favoriteColor);
            userToCreate.data = data;
            UserRegistration registration = new UserRegistration();
            registration.applicationId = Guid.Parse("4243b56f-0b45-4882-aa23-ac75eea22d22");
            registration.verified = true;

            registration.insertInstant = DateTimeOffset.UtcNow;
            var registrations = new List<UserRegistration>();
            registrations.Add(registration);

            userToCreate.registrations = registrations;

            UserRequest userRequest = new UserRequest();
            userRequest.sendSetPasswordEmail = false;
            userRequest.user = userToCreate;
            string u = JsonConvert.SerializeObject(userRequest);
            Console.WriteLine(u);
            var response = client.CreateUser(null, userRequest);
            string json = JsonConvert.SerializeObject(response);
            Console.WriteLine(json);

            if (response.WasSuccessful())
            {
                var user = response.successResponse.user;
                Console.WriteLine("retrieved user with email: "+user.email);
            }
            else if (response.statusCode != 200)
            {
                var statusCode = response.statusCode;
                Console.WriteLine("failed with status "+statusCode);
            }
        }
    }
}

https://fusionauth.io/blog/2020/06/25/using-oauth-and-pkce-to-add-authentication-to-your-gatsby-site

Well, since we're talking about behavior based on a fix that isn't written yet, things are a bit theoretical.

Here's one approach we'd consider. An expired key pair cannot be used to sign a JWT, so we would either have to generate a new key pair ahead of the expiration, or start failing login operations. The former is a better user experience, so a user will either have to regenerate the key, or we would do it based upon a configured policy.

Also, wanted to be clear that we are aware of this limitation, which is why we set the default expiration period to 10 years (so we have a bit of time to solve this in the best way possible).

Hope this helps. Let me know if you don't have the information you need.

Hi,

ElasticSearch is used to provide search functionality in both the admin UI and any APIs using a search endpoint, for example searching for users: https://fusionauth.io/docs/v1/tech/apis/users#search-for-users

In the near future there will be two search options, one just using the database without Elasticsearch. More details here: https://github.com/FusionAuth/fusionauth-issues/issues/427

Let me know if that answers your question.

As long as it is a valid URI, it is allowed.

What are the exact restrictions we have regarding redirect_uris?

For instance, can we have subdomains? or go to a specific page (https://example.com/login/otherpage.html)?

Hmmm. Weird. Will look at filing a bug. Thanks!

One workaround you can use is the PATCH method on the user object:

PATCH http://localhost:9011/api/user/<user-id>
{
  "user": {
    "skipVerification": true,
    "email": "admin@email",
    "passwordChangeRequired": false,
    "username": "admin",
    "password": "....."
  }
}

What version of fusionauth are you running?

Can you share an example of how you tried to use the API key? That looks like an exception flow we should handle and I'd love to file a bug report.

Have you tried to use this API: https://fusionauth.io/docs/v1/tech/apis/users#change-a-users-password ?

Can you explain a bit more @civaxox259 ?

@twosevenxyz

I'm not sure what you mean? What part of the system would you like to receive the IP address? Can you explain a bit more?

It appears to be. So the answer is similar to my answer here.

Ah, great. So unfortunately, since this feature request is open, the functionality hasn't been built yet, but is on the roadmap. Here are your options to influence the roadmap:
https://fusionauth.io/community/forum/topic/172/the-fusionauth-roadmap

Hiya,

I was able to successfully decode a JWT. From reviewing this thread, I think maybe the issue is that you are using the wrong secret. It seems like you might have accidentally been using the id of the signing key '1c8e490a-4972-7d73-8935-06621a0a6441' instead of the actual secret key.

Here's how I found my secret key:

• go to settings
• go to keymaster
• click on the green magnifying glass icon to view the default key
• click on click here to see the secret.

My secret looked something like this: n0EfufcUAuYM6199G3ffRp+YUVMPodabtlI/wT8oBYc=.

Can you try validating your JWT with the secret found through those steps and let me know how it goes?

Hmmm. I'll take a look on Monday.

Hiya,

Here's an example library of decoding JWTs: https://github.com/FusionAuth/fusionauth-example-ruby-jwt

Code based on this seems to work with your payload:

require 'jwt'

hmac_secret = '1c8e490a-4972-7d73-8935-06621a0a6441'

exp = Time.now.to_i + (5*60)
iat = Time.now.to_i + (0*60)

payload = {
  "aud": "9380d2c6-c435-4eec-a897-9ec9d084bce8",
  "exp": exp,
  "iat": iat,
  "iss": "acme.com",
  "sub": "13529edf-961e-4d3a-8177-a2f17cf554b1",
  "authenticationType": "PASSWORD",
  "email": "msragheb@uci.edu",
  "email_verified": true,
  "roles": [
    "Servant"
  ],
  "applicationId": "9380d2c6-c435-4eec-a897-9ec9d084bce8",
  "person_id": 1
}

token = JWT.encode payload, hmac_secret, 'HS256', {"typ": "JWT", "kid": "abc"}

puts token

decoded_token = JWT.decode token, hmac_secret, true, { algorithm: 'HS256' }

puts decoded_token

Here's similar code which just takes a JWT and decodes it:

require 'jwt'

# the todo API

hmac_secret = '1c8e490a-4972-7d73-8935-06621a0a6441'

token = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjllZDRjNjc1NCJ9.eyJhdWQiOiI5MzgwZDJjNi1jNDM1LTRlZWMtYTg5Ny05ZWM5ZDA4NGJjZTgiLCJleHAiOjE1OTQ0ODk5NTMsImlhdCI6MTU5NDQ4NjM1MywiaXNzIjoiYWNtZS5jb20iLCJzdWIiOiIxMzUyOWVkZi05NjFlLTRkM2EtODE3Ny1hMmYxN2NmNTU0YjEiLCJhdXRoZW50aWNhdGlvblR5cGUiOiJQQVNTV09SRCIsImVtYWlsIjoibXNyYWdoZWJAdWNpLmVkdSIsImVtYWlsX3ZlcmlmaWVkIjp0cnVlLCJyb2xlcyI6WyJTZXJ2YW50Il0sImFwcGxpY2F0aW9uSWQiOiI5MzgwZDJjNi1jNDM1LTRlZWMtYTg5Ny05ZWM5ZDA4NGJjZTgiLCJwZXJzb25faWQiOjF9.aKajyZmIWe0d0ijoV2oTpxVUeQpOieaV5C80SoLqCrA'

puts token

decoded_token = JWT.decode token, hmac_secret, true, { algorithm: 'HS256' }

puts decoded_token

Right now of course the JWT you provided won't be valid because it expired. Can you generate a JWT good for 30 days and share that here? Or try to use the above code to decode it?

I'd also make sure that the server has the correct time on it and that the access token is just the JWT and doesn't include Bearer .