Navigation

    FusionAuth
    • Login
    • Search
    • Home
    • Categories
    • Recent
    • Popular
    • Pricing
    • Contact us
    • Docs
    1. Home
    2. dan
    • Profile
    • Following 0
    • Followers 8
    • Topics 584
    • Posts 2220
    • Best 160
    • Groups 3

    dan

    @dan

    Head of Developer Relations at FusionAuth.

    Enjoys ruby, java, php. Finds golang challenging.

    Likes the authorization code grant, automation, stories and clear documentation.

    Hiker, camper, gardener. Used to have chickens, now just tomatos.

    174
    Reputation
    153
    Profile views
    2220
    Posts
    8
    Followers
    0
    Following
    Joined Last Online
    Website fusionauth.io Location Colorado, USA

    dan Unfollow Follow
    Staff Power User administrators

    Best posts made by dan

    • Is there a way to update user data in the UI?

      I'd like to update the user data object in the UI. I know I can do it via the API: https://fusionauth.io/docs/v1/tech/apis/users

      posted in Q&A
      dan
      dan
    • FusionAuth releases SimplePass™

      https://fusionauth.io/blog/2021/04/01/fusionauth-introduces-simplepass/

      posted in Blogs
      dan
      dan
    • Can I configure the inactivity timeout of the FusionAuth Session cookie?

      I have a quick question about FusionAuth and configuring the inactivity timeout of the session cookie it creates. Specifically... Is it possible?

      posted in Q&A
      dan
      dan
    • Terraform provider for FusionAuth released

      There's now an open source terraform provider available: https://github.com/gpsinsight/terraform-provider-fusionauth

      It's also on the registry: https://registry.terraform.io/providers/gpsinsight/fusionauth/latest

      posted in Release
      dan
      dan
    • Can you run FusionAuth in kubernetes?

      Can you run FusionAuth in Kubernetes?

      posted in Q&A
      dan
      dan
    • RE: Block authentication until user is verified?

      Is modifying the JWT via a lambda equivalent to accessing the verified property of the user profile?

      Within a lambda, you have access to the user and registration properties. So you'd pull the verified property from wherever you wanted and put it into the JWT as a custom claim. Here's a blog post about how that might work.

      So yes, it is the same data. It's the tradeoff between a bigger JWT and having to make the additional call from your API.

      Don't forget that the JWT will live for a while, so if this sequence happens and you use the JWT, you might have a user with a verified email prevented from using the API.

      1. user registers
      2. JWT issued, with verified set to false because the user isn't verified.
      3. User verifies their email
      4. User visits API, but is denied because the JWT has stale data.

      I don't know timelines and how long your JWTs live for, but this is something to consider. Does that answer your question?

      posted in Q&A
      dan
      dan
    • RE: My JWKS are always empty

      Symmetric keys are not returned on the JWKS endpoint, as they don't have a public key. Per the docs this api:

      returns public keys generated by FusionAuth, used to cryptographically verify JWTs using the JSON Web Key format

      If you create an RSA or EC key which is an asymmetric key pair - the public key will be returned on the JWKS endpoint. If you don’t have any key pairs configured , it will be empty. Out of the box, you’ll only have one HMAC key which we don’t publish in JWKS.

      posted in Q&A
      dan
      dan
    • RE: Implementing a Role-Based Access System for Authorization

      Ah, I just tested this out and if you don't need it in the JWT, you should be able to see it in the registrations object returned after login.

      Here's a response I get after logging in:

      {
        "token": "ey...",
        "user": {
          "active": true,
          "connectorId": "e3306678-a53a-4964-9040-1c96f36dda72",
          "email": "email@example.com",
          "id": "2df13f18-01cc-48a4-b97a-2ab04f98d006",
          "insertInstant": 1592857899119,
          "lastLoginInstant": 1596819645662,
          "lastUpdateInstant": 0,
          "passwordChangeRequired": false,
          "passwordLastUpdateInstant": 1592857899145,
          "registrations": [
            {
              "applicationId": "78bd26e9-51de-4af8-baf4-914ea5825355",
              "id": "73d2317b-d196-4315-aba2-3c205ed3ccae",
              "insertInstant": 1592857899151,
              "lastLoginInstant": 1592857899153,
              "lastUpdateInstant": 1596813810104,
              "roles": [
                "Role1"
              ],
              "usernameStatus": "ACTIVE",
              "verified": true
            }
          ],
          "tenantId": "1de156c2-2daa-a285-0c59-b52f9106d4e4",
          "twoFactorDelivery": "None",
          "twoFactorEnabled": false,
          "usernameStatus": "ACTIVE",
          "verified": true
        }
      }
      

      So user.applicationId.roles is what you want. Note that roles are applied on an application by application basis. If a user is in a group which has a role 'roleA' which is created in 'applicationA', but is not registered for 'applicationA', they won't receive that role. More on that here: https://fusionauth.io/docs/v1/tech/core-concepts/groups

      posted in Q&A
      dan
      dan
    • RE: Trouble getting the user object post login

      OK, we just released 1.18.8 and that is the version you want to use:

      In requirements.txt:

      fusionauth-client==1.18.8
      

      And then this is the call you want to make (with client_id before redirect_uri) :

       resp = client.exchange_o_auth_code_for_access_token(request.args.get("code"), client_id, "http://localhost:5000/oauth-callback", client_secret)
      
      posted in Q&A
      dan
      dan
    • RE: Can I run FusionAuth in Heroku?

      There is no official support for Heroku at this time. Follow along on this issue (and vote it up if this is important to you) if you'd like to know when such support happens.

      However, there is a community supported project with a "Deploy to Heroku" button. This is provided and tested by a community member.

      posted in Q&A
      dan
      dan

    Latest posts made by dan

    • Laravel + FusionAuth, the Laravel way

      https://medium.com/@crocodile2u/laravel-fusionauth-the-laravel-way-5e57a55ae403

      posted in Blogs
      dan
      dan
    • RE: Is it possible to add columns in order to sort with lastLogin from UI ?

      @jbtruffault This would be a new feature request. Please feel free to file one here: https://github.com/fusionauth/fusionauth-issues/issues

      An alternative would be to use the login API to export the login records into a database or other data storage system and then to sort it as you see fit. This API is documented here: https://fusionauth.io/docs/v1/tech/apis/login#export-login-records

      posted in Q&A
      dan
      dan
    • RE: Registering existing users does not error

      @olly

      Hmmm. It seems as though you have self service registration enabled. If this is the case, when an existing user registers for an application, the FusionAuth registration is automatically enabled.

      Maybe I don't understand what you are trying to accomplish. Could you explain what you are trying to do?

      posted in Q&A
      dan
      dan
    • RE: Does deprecation of JavaScript Google Platform Library affect FusionAuth Google Identity Provider?

      Thanks @harish_reddy !

      Per this comment, this is slated to be fixed under https://github.com/FusionAuth/fusionauth-issues/issues/1894 .

      This is planned for 1.43.0, which is the next release.

      Thanks.

      posted in General Discussion
      dan
      dan
    • RE: Integrating FusionAuth as OTP Provider with Exchange Server using ADFS Authentication

      @g-natsoulis

      Hiya, can you explain a little more about what you are looking for? I'm not quite sure what you mean by "an OTP provider for an Exchange server that has ADFS authentication set up?"

      posted in Q&A
      dan
      dan
    • RE: Refresh token revoked on logging in on multiple devices

      @vindhyahegde2114

      Hmmm. Haven't run into this before.

      The refresh token revocation behavior is documented here: https://fusionauth.io/docs/v1/tech/core-concepts/applications#jwt and here: https://fusionauth.io/docs/v1/tech/core-concepts/tenants#jwt

      Can you provide a few more details?

      • how are you logging the user in
      • what are your refresh token settings for this application
      • What is the
      • what version of FusionAuth are you running

      Thanks,
      Dan

      posted in Q&A
      dan
      dan
    • RE: Maintenance Mode on Remote Server

      @fusionauth-0

      Hmmm. So you are saying that:

      • you can connect from the ec2 instance to your postgresql instance.
      • you can connect via the web to the fusionauth instance, but it is stuck in maintenance mode.

      Where is the postgresql instance running? Is it on the same ec2 instance as FusionAuth?

      What value are you putting for the hostname?

      posted in Q&A
      dan
      dan
    • RE: Email CTR and open rates

      @eduards-celmins It is not built into FusionAuth, but if you use an email provider, they'll often provide such functionality.

      Here's information about sendgrid: https://docs.sendgrid.com/ui/analytics-and-reporting/stats-overview

      I believe there are similar stats captured for other email providers.

      posted in Q&A
      dan
      dan
    • RE: SQL error on request_frequencies Table

      @langnerfrancesco What version of FusionAuth are you using?

      What version of postgresql?

      posted in Q&A
      dan
      dan
    • RE: Cannot setup the first administrator account

      @vvicazz That's great news!

      posted in Q&A
      dan
      dan