Topics created by didier.rano

Have you reviewed the license FAQ?

https://fusionauth.io/license-faq/

If your scenario isn't described there, please provide more detail. If you'd prefer to explain over email, please contact us.

@didier-rano

It looks like there are two issues.

The first is that the SAML login lambda runs after the JWT populate lambda (or at the least the order is indeterminate) so your groups aren't being propagated, at least for Azure AD. More concerning to me is the fact that you are only seeing one SAML reconciliation for your user. I would expect that lambda to run every time the user logs in.

These feel like issues to raise on our issues repo, preferably with reproduction steps. I have been trying to find time to replicate it and file the issue, but if you can, that'd be very helpful.

The second is whether we support Enterprise Applications. I don't know if any of the community is using that particular feature. That does make sense why you are not interested in OIDC, however. Do you have a link for the Azure docs on this so I could learn more (I googled for them, but wasn't able to find anything relevant).

Sure, store the access token in a secure cookie.

We don't have any examples of that with Angular, but here's a diagram of the flow: https://fusionauth.io/learn/expert-advice/authentication/spa/oauth-authorization-code-grant-jwts-refresh-tokens-cookies/

You'll still have to have some kind of backend because server side code is required to exchange the authorization code for the access token, as above. But you can then have the JWT be stored as a cookie and sent to APIs without further interaction with the backend server.

The alternative is to use the implicit grant, documented here: https://fusionauth.io/docs/v1/tech/oauth/overview#example-implicit-grant

But we strongly advise against that since it exposes your access tokens to XSS attacks.