I'd like to update the user data object in the UI. I know I can do it via the API: https://fusionauth.io/docs/v1/tech/apis/users

Best posts made by dan
-
Is there a way to update user data in the UI?
-
Can I configure the inactivity timeout of the FusionAuth Session cookie?
I have a quick question about FusionAuth and configuring the inactivity timeout of the session cookie it creates. Specifically... Is it possible?
-
Terraform provider for FusionAuth released
There's now an open source terraform provider available: https://github.com/gpsinsight/terraform-provider-fusionauth
It's also on the registry: https://registry.terraform.io/providers/gpsinsight/fusionauth/latest
-
RE: Block authentication until user is verified?
Is modifying the JWT via a lambda equivalent to accessing the verified property of the user profile?
Within a lambda, you have access to the user and registration properties. So you'd pull the
verified
property from wherever you wanted and put it into the JWT as a custom claim. Here's a blog post about how that might work.So yes, it is the same data. It's the tradeoff between a bigger JWT and having to make the additional call from your API.
Don't forget that the JWT will live for a while, so if this sequence happens and you use the JWT, you might have a user with a verified email prevented from using the API.
- user registers
- JWT issued, with
verified
set tofalse
because the user isn't verified. - User verifies their email
- User visits API, but is denied because the JWT has stale data.
I don't know timelines and how long your JWTs live for, but this is something to consider. Does that answer your question?
-
RE: My JWKS are always empty
Symmetric keys are not returned on the JWKS endpoint, as they don't have a public key. Per the docs this api:
returns public keys generated by FusionAuth, used to cryptographically verify JWTs using the JSON Web Key format
If you create an RSA or EC key which is an asymmetric key pair - the public key will be returned on the JWKS endpoint. If you don’t have any key pairs configured , it will be empty. Out of the box, you’ll only have one HMAC key which we don’t publish in JWKS.
-
RE: Implementing a Role-Based Access System for Authorization
Ah, I just tested this out and if you don't need it in the JWT, you should be able to see it in the registrations object returned after login.
Here's a response I get after logging in:
{ "token": "ey...", "user": { "active": true, "connectorId": "e3306678-a53a-4964-9040-1c96f36dda72", "email": "email@example.com", "id": "2df13f18-01cc-48a4-b97a-2ab04f98d006", "insertInstant": 1592857899119, "lastLoginInstant": 1596819645662, "lastUpdateInstant": 0, "passwordChangeRequired": false, "passwordLastUpdateInstant": 1592857899145, "registrations": [ { "applicationId": "78bd26e9-51de-4af8-baf4-914ea5825355", "id": "73d2317b-d196-4315-aba2-3c205ed3ccae", "insertInstant": 1592857899151, "lastLoginInstant": 1592857899153, "lastUpdateInstant": 1596813810104, "roles": [ "Role1" ], "usernameStatus": "ACTIVE", "verified": true } ], "tenantId": "1de156c2-2daa-a285-0c59-b52f9106d4e4", "twoFactorDelivery": "None", "twoFactorEnabled": false, "usernameStatus": "ACTIVE", "verified": true } }
So
user.applicationId.roles
is what you want. Note that roles are applied on an application by application basis. If a user is in a group which has a role 'roleA' which is created in 'applicationA', but is not registered for 'applicationA', they won't receive that role. More on that here: https://fusionauth.io/docs/v1/tech/core-concepts/groups -
RE: Trouble getting the user object post login
OK, we just released 1.18.8 and that is the version you want to use:
In
requirements.txt
:fusionauth-client==1.18.8
And then this is the call you want to make (with
client_id
beforeredirect_uri
) :resp = client.exchange_o_auth_code_for_access_token(request.args.get("code"), client_id, "http://localhost:5000/oauth-callback", client_secret)
-
RE: Can I run FusionAuth in Heroku?
There is no official support for Heroku at this time. Follow along on this issue (and vote it up if this is important to you) if you'd like to know when such support happens.
However, there is a community supported project with a "Deploy to Heroku" button. This is provided and tested by a community member.
-
RE: Error loading mysql backup
I haven't seen that before.
Does this happen in your customized version of FusionAuth (where you've added a few applications and users) or the default version?
From looking at the mysqldump man page, maybe try
--hex-blob
?You could try loading the schema from the .sql files ( https://fusionauth.io/direct-download/ ) and loading the data separately (that is, exporting with
--no-create-info
). Again, that's a wild guess, not sure what the issue is, but some more investigation seems to make sense. -
RE: Having an issue with nginx in front of FusionAuth
Ah, the answer is that Nginx defaults to HTTP/1.0 and if you are on a recent version of FusionAuth, this protocol is not supported by our HTTP server (HTTP 1.1 was, after all, released in 1997
).
The remedy is to update your Nginx configuration to use a later protocol with this change:
proxy_http_version 1.1;
Hope that helps.
-
RE: Using native apple sign in
We've updated the apple provider doc to be more clear: https://fusionauth.io/docs/v1/tech/apis/identity-providers/apple#complete-the-apple-login
-
Seeking users of FusionAuth to take a survey
Heya FusionAuth Users!
Got a minute to share your experience with the FusionAuth platform?
Please take this short Capterra survey.
You'll help improve the software and the first 100 eligible reviewers will get a $20 gift card.
-
New website!
We just released an overhaul of the website: https://fusionauth.io/ which includes a new look for the API docs: https://fusionauth.io/docs/v1/tech/
-
Unable to create a registration using the .NET core client
Hiya,
I'm unable to create a user registration using the .NET client libraries: https://fusionauth.io/docs/v1/tech/client-libraries/netcore
I have verified that the API key is basically a super user. I've verified that I'm sending the registration object. I've tried twiddling different properties (verified, insertInstant) and made sure that the application exists. I've added the a user registration to the application manually and it works. Creating a user and setting the userdata works just fine. It just seems like the registration isn't working.
I looked in https://github.com/FusionAuth/fusionauth-netcore-client/issues and https://github.com/FusionAuth/fusionauth-issues/issues but didn't see any relevant issues.
Here's my code so far (you can run it with
fusionauth_api_key=<key> dotnet.exe run -- foo@foo5.com bluepass123 blue
)$ cat usermanager.csproj <Project Sdk="Microsoft.NET.Sdk"> <PropertyGroup> <OutputType>Exe</OutputType> <TargetFramework>netcoreapp3.1</TargetFramework> </PropertyGroup> <ItemGroup> <PackageReference Include="FusionAuth.Client" Version="1.15.7" /> <PackageReference Include="JSON.Net" Version="1.0.18" /> </ItemGroup> </Project>
$ cat Program.cs using System; using io.fusionauth; using io.fusionauth.domain; using io.fusionauth.domain.api; using System.Collections.Generic; using Newtonsoft.Json; namespace usermanager { class Program { private static readonly string apiKey = Environment.GetEnvironmentVariable("fusionauth_api_key"); private static readonly string fusionauthURL = "http://localhost:9011"; private static readonly string tenantId = "66636432-3932-3836-6630-656464383862"; static void Main(string[] args) { if (args.Length != 3) { Console.WriteLine("Please provide email, password and favorite color."); Environment.Exit(1); } string email= args[0]; string password = args[1]; string favoriteColor = args[2]; FusionAuthSyncClient client = new FusionAuthSyncClient(apiKey, fusionauthURL, tenantId); User userToCreate = new User(); userToCreate.email = email; userToCreate.password = password; Dictionary<string, object> data = new Dictionary<string, object>(); data.Add("favoriteColor", favoriteColor); userToCreate.data = data; UserRegistration registration = new UserRegistration(); registration.applicationId = Guid.Parse("4243b56f-0b45-4882-aa23-ac75eea22d22"); registration.verified = true; registration.insertInstant = DateTimeOffset.UtcNow; var registrations = new List<UserRegistration>(); registrations.Add(registration); userToCreate.registrations = registrations; UserRequest userRequest = new UserRequest(); userRequest.sendSetPasswordEmail = false; userRequest.user = userToCreate; string u = JsonConvert.SerializeObject(userRequest); Console.WriteLine(u); var response = client.CreateUser(null, userRequest); string json = JsonConvert.SerializeObject(response); Console.WriteLine(json); if (response.WasSuccessful()) { var user = response.successResponse.user; Console.WriteLine("retrieved user with email: "+user.email); } else if (response.statusCode != 200) { var statusCode = response.statusCode; Console.WriteLine("failed with status "+statusCode); } } } }
-
RE: Upcoming MFA changes
@mweiss 1.26 was released today. You can read the release notes here: https://fusionauth.io/docs/v1/tech/release-notes/#version-1-26-0
It is available on dockerhub and the download page.
-
RE: What happens after asymmetric key expiration?
Well, since we're talking about behavior based on a fix that isn't written yet, things are a bit theoretical.
Here's one approach we'd consider. An expired key pair cannot be used to sign a JWT, so we would either have to generate a new key pair ahead of the expiration, or start failing login operations. The former is a better user experience, so a user will either have to regenerate the key, or we would do it based upon a configured policy.
Also, wanted to be clear that we are aware of this limitation, which is why we set the default expiration period to 10 years (so we have a bit of time to solve this in the best way possible).
Hope this helps. Let me know if you don't have the information you need.