Navigation

    FusionAuth
    • Login
    • Search
    • Home
    • Categories
    • Recent
    • Popular
    • Pricing
    • Contact us
    • Docs
    1. Home
    2. joshua
    • Profile
    • Following 1
    • Followers 4
    • Topics 29
    • Posts 443
    • Best 35
    • Groups 1

    joshua

    @joshua

    Love Ruby. Learning Java and security best practices.
    On the weekends you will find me on a Denver mountain top.
    Happy to help in any way I can!

    39
    Reputation
    51
    Profile views
    443
    Posts
    4
    Followers
    1
    Following
    Joined Last Online
    Website fusionauth.io Location Denver

    joshua Unfollow Follow
    administrators

    Best posts made by joshua

    • RE: Where to find the option "Require registration"

      @florian,

      You are going to want to make sure that you are on the latest version of FusionAuth (1.29.1), as some versions may not display this option (this was a recent bug fix)

      Located under Applications > OAuth > Toggle

      A screenshot is attached.Screen Shot 2021-08-03 at 11.50.53 AM.png

      Hope that helps!

      Thanks,
      Josh

      posted in General Discussion
      joshua
      joshua
    • RE: maven.org is missing latest Java clients

      @marcus-krassmann Thanks for the info -> we have updated the MVN repo with a more current point release.

      Thanks,
      Josh

      posted in Comments & Feedback
      joshua
      joshua
    • RE: Authentication for an Application with Web Client and Mobile front-ends

      @mehamm,

      It sounds like you are on the right track. A few comments:

      • The Web API should not persist the access token, but the web app definitely can (often in a session). The web app can then present the access token until it expires, in which case the web app can renew the access token with the refresh token.
      • "Web API verifies token against FusionAuth (my app) endpoint" -> You can also verify the claims were signed by FusionAuth without calling the introspect endpoint by using a JWT library.
      • "Web API pulls user claims from token for role(s) and tenant, if verified returns data back to web app." -> Makes sense. Make sure to check the "aud" and "iss" claims to ensure they are what you expect. You should do this even if you are using the introspect endpoint.
      • The correct tenant can be found from the client_id, since all applications are associated with one and only one tenant.
        If you have any specific issues, please feel free to post them in the forum (a new topic might be best).

      By the way, if you are running in FusionAuth in production at scale, we encourage you to get a support contract 🙂 . Having one allows access to the engineering team via opening support tickets. https://fusionauth.io/pricing/. Obviously, this is not a requirement, but should your business needs require a higher support level, it is available 👍

      I hope this helps!

      posted in Q&A
      joshua
      joshua
    • RE: Cockroach Compatibility problem on Connector Signin

      Hi @michael-schramm,

      If you could provide a bit more context to your issue, we could perhaps give a few pointers, but unfortunately, I believe this is outside of our accepted/documented use guidelines. FusionAuth is supported using MySQL and Postgres (documentation here).

      Thanks,
      Josh

      posted in Q&A
      joshua
      joshua
    • RE: Any simple was of doing apple/google-only login?

      Hi bogorad,

      The functionality that you are looking for is located in the themes section of the FusionAuth application. Specifically, you will want to review all OAuth pages (OAuth authorize and possibly others) to adjust the template to your user requirements. FusionAuth uses FreeMarker for templating.

      Additionally, below is a link to our documentation regarding themes (as well as a very useful video on how to mimic a custom Stack Overflow login page, for instance)
      https://fusionauth.io/docs/v1/tech/themes/

      Hopefully, that sets you on the right path! Enjoy FusionAuth!

      Thanks,
      Josh

      theme-oauth-authorize.png

      posted in General Discussion
      joshua
      joshua
    • 1.30 is released

      1.30 is released 🎉

      Release notes forming
      https://fusionauth.io/docs/v1/tech/release-notes/

      posted in Release
      joshua
      joshua
    • My Database (sql, rds, postgres) is filling up. Any pointers on how to address this?

      My Database (sql, rds, postgres) is filling up. Any pointers on how to address this?

      posted in Q&A
      joshua
      joshua
    • RE: How to Securely Implement OAuth in Vue.js

      Hey FusionAuth Community!

      Just a heads up -- we have made a few revisions to this post!

      If you are interested in using VueJS and FusionAuth -- check it out!

      https://fusionauth.io/blog/2020/08/06/securely-implement-oauth-vuejs

      posted in Blogs
      joshua
      joshua
    • RE: Is there an option to make JWT token smaller in a size?

      There is an option to adjust the number of claims on the token through the jwt populate lambda.

      Documentation here

      Let me know if that gets at what you looking for!

      Thanks,
      Josh

      posted in General Discussion
      joshua
      joshua
    • RE: My Database (sql, rds, postgres) is filling up. Any pointers on how to address this?

      There are a number of things that might be causing this.

      One thing to check is to see how many logs, debug, and other records your installation is holding on to. This can be reviewed by clicking under Setting -> System

      I have attached a screenshot for your review.

      logsettings2.png
      logsettings.png

      Finally, it might be useful to review your system architecture to ensure it is sized appropriately for the number of users you are hosting.

      I hope this helps!

      Thanks,
      Josh

      posted in Q&A
      joshua
      joshua

    Latest posts made by joshua

    • RE: events to webhook

      @lambert-torres replied out of band to this forum. This may have been addressed in version 1.38.0 and beyond.

      Thanks,
      Josh

      posted in General Discussion
      joshua
      joshua
    • RE: Outages of the Hosted Service

      @david-cheal

      Since FusionAuth hosts each customer on their own servers (you are not sharing hosts with other customers as in a traditional SaaS model), you can determine when (or if) you want to upgrade your server in FusionAuth Cloud.

      • https://fusionauth.io/docs/v1/tech/installation-guide/cloud#upgrade-duration

      If you would like to further weigh your options, you can reach out to our sales team for advice on what may best support you.

      https://fusionauth.io/contact

      Thanks,
      Josh

      posted in General Discussion
      joshua
      joshua
    • RE: Idp link event not firing - am I doing something wrong?

      @stefan-0

      Thanks for the question -- I don't think that this will work in the way that you intend.

      I would have to test to be sure, but if FusionAuth cannot make the user (based on your chosen user provisioning policy), then this user will not be created and thus not linked, and therefore this event will not fire.

      https://fusionauth.io/docs/v1/tech/events-webhooks/events/user-identity-provider-link

      Depending on your desired outcome, it might be best to change your linking strategy (to create this user when linking) and then use user.create webhooks. You could fail this transaction if certain requirements are not met (thus the user will not be created and linked).

      I hope this helps!

      Thanks,
      Josh

      posted in General Discussion
      joshua
      joshua
    • RE: Identity provider logout

      @quent Thanks for the question!

      To note, each IdP will handle logout differently. It would be hard for FusionAuth to know how to log each user out of disparate systems. Killing each user session is specific to that IdP implementation. In the FusionAuth logout process, we will call a logout endpoint of your choosing. In that endpoint, you could have your integration call the IdP to remove the user's session.

      I hope this helps!

      Josh

      posted in Q&A
      joshua
      joshua
    • RE: Performance issues after upgrade

      @paul-fink marking this thread as being addressed out of this forum band.

      -Josh

      posted in Q&A
      joshua
      joshua
    • RE: Issue starting up docker image with FUSIONAUTH_APP_ADDITIONAL_JAVA_ARGS

      @zradick

      Thanks for the question - if you remove the quotes from your args, that may resolve the issue.

      - FUSIONAUTH_APP_ADDITIONAL_JAVA_ARGS=-Djavax.net.ssl.keyStore=/fusionauth/example.p12 -Djavax.net.ssl.keyStorePassword=****
      

      Our documentation may need to be updated to address this

      https://fusionauth.io/docs/v1/tech/admin-guide/securing#custom-keystore

      Josh

      posted in General Discussion
      joshua
      joshua
    • RE: SAML v2 with Azure AD & Django

      @david-moreno

      Is this still an open issue for you? If so, including the debug information (and turning on debug for the SAML IdP can be helpful) as you complete the SAML handshake.

      • Josh
      posted in Q&A
      joshua
      joshua
    • RE: SAML response from Google Workspace- Picture field ??

      @leandro-menagonzalez Sorry - I was traveling for a bit and then under the weather.

      Were you able to resolve this?

      If not, my understanding is that this would be a mapping problem. Essentially, Google would have to be instructed to send over a profile pic url, and FusionAuth would consume that in the AuthN response. Further, a reconcile lambda can be used to grab this URL attribute and store on the user, etc. Let me know if I am misunderstanding the issue.

      Josh

      posted in Q&A
      joshua
      joshua
    • RE: SAML response from Google Workspace- Picture field ??

      Hi @leandro-menagonzalez

      Thanks for the question. If I am understanding correctly, if you are expecting a certain attribute to be returned in an AuthN response, this would require additional configuration on the part of Google. Is there a configuration tool on that side to add an additional attribute to be sent in an AuthN response?

      Thanks,
      Josh

      posted in Q&A
      joshua
      joshua
    • RE: Local oauth2/token endpoint returns missing grant_type error

      Hi @josh-dura -

      Is this still an open issue for you? The event logs are stored in the DB, so you should be able to access them by navigating in the admin UI ( system > events log ) to get a better idea of what might be occurring.

      Thanks,
      Josh

      posted in General Discussion
      joshua
      joshua