I'd like to update the user data object in the UI. I know I can do it via the API: https://fusionauth.io/docs/v1/tech/apis/users
Head of Developer Relations at FusionAuth.
Enjoys ruby, java, php. Finds golang challenging.
Likes the authorization code grant, automation, stories and clear documentation.
Hiker, camper, gardener. Used to have chickens, now just tomato plants.
Best posts made by dan
Can I configure the inactivity timeout of the FusionAuth Session cookie?
I have a quick question about FusionAuth and configuring the inactivity timeout of the session cookie it creates. Specifically... Is it possible?
Terraform provider for FusionAuth released
There's now an open source terraform provider available: https://github.com/gpsinsight/terraform-provider-fusionauth
It's also on the registry: https://registry.terraform.io/providers/gpsinsight/fusionauth/latest
RE: Block authentication until user is verified?
Is modifying the JWT via a lambda equivalent to accessing the verified property of the user profile?
Within a lambda, you have access to the user and registration properties. So you'd pull the verified property from wherever you wanted and put it into the JWT as a custom claim. Here's a blog post about how that might work.
So yes, it is the same data. It's the tradeoff between a bigger JWT and having to make the additional call from your API.
Don't forget that the JWT will live for a while, so if this sequence happens and you use the JWT, you might have a user with a verified email prevented from using the API.
- user registers
- JWT issued, with false because the user isn't verified.
- User verifies their email
- User visits API, but is denied because the JWT has stale data.
I don't know timelines and how long your JWTs live for, but this is something to consider. Does that answer your question?
RE: Trouble getting the user object post login
OK, we just released 1.18.8 and that is the version you want to use:
And then this is the call you want to make (with
resp = client.exchange_o_auth_code_for_access_token(request.args.get("code"), client_id, "http://localhost:5000/oauth-callback", client_secret)
RE: Can I run FusionAuth in Heroku?
There is no official support for Heroku at this time. Follow along on this issue (and vote it up if this is important to you) if you'd like to know when such support happens.
However, there is a community supported project with a "Deploy to Heroku" button. This is provided and tested by a community member.
RE: Error loading mysql backup
I haven't seen that before.
Does this happen in your customized version of FusionAuth (where you've added a few applications and users) or the default version?
From looking at the mysqldump man page, maybe try
You could try loading the schema from the .sql files ( https://fusionauth.io/direct-download/ ) and loading the data separately (that is, exporting with --no-create-info). Again, that's a wild guess, not sure what the issue is, but some more investigation seems to make sense.
Latest posts made by dan
RE: Server Availability
This is not present at the current time, but you can deploy FusionAuth in as little as 512MB of RAM. So depending on your use case, you could run FusionAuth locally.
If you needed to sync data between the local machine and a central server, the APIs might help.
But in general this is not a use case we've considered.
Feel free to open a feature request with more details about your use case: https://github.com/fusionauth/fusionauth-issues/issues
RE: mobile origin url
Thanks, I saw the steps to reproduce in the administrative user interface.
I am sorry for being unclear. I was looking for steps to reproduce in the android application.
In particular, I'm unsure where/how you are seeing this behavior:
Then I noticed traffic from android app is getting blocked with
It sounds like:
- you have an application in FusionAuth.
- It was working fine with both a mobile app and a web application
- You then added https://example.com to the application config's authorized origin URL.
- The web application continues to work fine
- The android application now has issues
Is that correct? Or am I missing something?
If it is correct, I want to know more about those issues.
- getting error messages
- being prevented from logging in using the android app
- some other behavior
Also, is the android app a webview of the hosted login pages?
RE: Roles in Connector User Object
Yes, you can put anything in the user object that is documented here: https://fusionauth.io/docs/v1/tech/connectors/generic-connector/#using-the-generic-connector
You can return roles as outlined in the sample JSON in the link above.
Hope that helps!
RE: Password complete error
Is this the same as https://fusionauth.io/community/forum/topic/1317/error-after-updating-the-password ? or different?
Please share any logfiles you see (you can go to "System" -> "Logs" in the admin UI to view them).
RE: Error after updating the password
From other communication, you are running 1.19.7. My suggestions are:
- See if the bug is fixed in a more recent version. You could always test by standing up a copy of your product database, upgrading it, and then seeing if the issue occurs. This would provide more info for us without impacting your production system.
- Look through the detailed release notes to see if we have fixed this bug, upgrade to that specific version: https://fusionauth.io/docs/v1/tech/release-notes/
- If you have a paid support plan, open a ticket: https://account.fusionauth.io/account/support/
We're a small team and try to support everyone to the best of our ability, but supporting versions 10 minor releases behind the current release without a paid support plan is, as I'm sure you can understand, hard for us to do. Please help us by testing it out on the latest version or pursue one of the other options listed above.
Just as an FYI, it is extremely unlikely we will backport a fix to 1.19 (we almost never do that for functionality bugs), so if we found a bug and fixed it, you'd likely have to upgrade.
RE: mobile origin url
Thanks for filing this.
Can you provide a few more details (on the bug or here) to talk about why you need to set the origin URL in your mobile app?
Typically you need to set the Authorized redirect URL, but this tutorial, for example, doesn't set the origin URL: https://fusionauth.io/blog/2020/08/19/securing-react-native-with-oauth/
This optional configuration allows you to restrict the origin of an OAuth2 / OpenID Connect grant request. If no origins are registered for this Application, all origins are allowed.
By default FusionAuth will add the X-Frame-Options: DENY HTTP response header to the login pages to keep these pages from being rendered in an iframe. If the request comes from an authorized origin, however, FusionAuth will not add this header to the response. To load FusionAuth hosted login pages in an iframe, you will need to add the request origin to this configuration
RE: Restrict a user to login from only a certain IP
With advanced threat detection you can block access to applications via IP ranges (it's touched on briefly here: https://youtu.be/pjGxOXamVfk?t=1209 ).
Advanced threat detection requires an enterprise license. Currently you can't lock a certain user to an IP range, though.
Please feel free to file a feature request with details of this use case if you'd like to see this implemented.
Restrict a user to login from only a certain IP
Can you restrict logins from a certain user to a certain IP address range? We have some accounts which are used by staff that have privileged access. Would be ideal to block logging in unless it's from their known IPs.
For example, prevent login for user A unless they are coming from ip 18.104.22.168 but user B can login from any IP?