RE: Authentication for an Application with Web Client and Mobile front-ends

@mehamm,

It sounds like you are on the right track. A few comments:

• The Web API should not persist the access token, but the web app definitely can (often in a session). The web app can then present the access token until it expires, in which case the web app can renew the access token with the refresh token.

• "Web API verifies token against FusionAuth (my app) endpoint" -> You can also verify the claims were signed by FusionAuth without calling the introspect endpoint by using a JWT library.

• "Web API pulls user claims from token for role(s) and tenant, if verified returns data back to web app." -> Makes sense. Make sure to check the "aud" and "iss" claims to ensure they are what you expect. You should do this even if you are using the introspect endpoint.
• The correct tenant can be found from the client_id, since all applications are associated with one and only one tenant.
  If you have any specific issues, please feel free to post them in the forum (a new topic might be best).

By the way, if you are running in FusionAuth in production at scale, we encourage you to get a support contract . Having one allows access to the engineering team via opening support tickets. https://fusionauth.io/pricing/. Obviously, this is not a requirement, but should your business needs require a higher support level, it is available

I hope this helps!

Hi @michael-schramm,

If you could provide a bit more context to your issue, we could perhaps give a few pointers, but unfortunately, I believe this is outside of our accepted/documented use guidelines. FusionAuth is supported using MySQL and Postgres (documentation here).

Thanks,
Josh

Hi bogorad,

The functionality that you are looking for is located in the themes section of the FusionAuth application. Specifically, you will want to review all OAuth pages (OAuth authorize and possibly others) to adjust the template to your user requirements. FusionAuth uses FreeMarker for templating.

Additionally, below is a link to our documentation regarding themes (as well as a very useful video on how to mimic a custom Stack Overflow login page, for instance)
https://fusionauth.io/docs/v1/tech/themes/

Hopefully, that sets you on the right path! Enjoy FusionAuth!

Thanks,
Josh

Hey FusionAuth Community!

Just a heads up -- we have made a few revisions to this post!

If you are interested in using VueJS and FusionAuth -- check it out!

https://fusionauth.io/blog/2020/08/06/securely-implement-oauth-vuejs

My Database (sql, rds, postgres) is filling up. Any pointers on how to address this?

There is an option to adjust the number of claims on the token through the jwt populate lambda.

Documentation here

Let me know if that gets at what you looking for!

Thanks,
Josh

There are a number of things that might be causing this.

One thing to check is to see how many logs, debug, and other records your installation is holding on to. This can be reviewed by clicking under Setting -> System

I have attached a screenshot for your review.

Finally, it might be useful to review your system architecture to ensure it is sized appropriately for the number of users you are hosting.

I hope this helps!

Thanks,
Josh

Is there an option to make JWT token smaller in a size?

Hi @mehamm!

All applications are associated with one and only one tenant.

You may find some answers to your questions around multi-tenancy here:

https://fusionauth.io/blog/2018/09/24/multi-tenancy-in-a-single-tenant-architecture

I will also excerpt from the article

A FusionAuth tenant is simply a namespace where Applications, Groups, and Users exist

Another article that might be of interest is below:
https://fusionauth.io/blog/2020/06/30/private-labeling-with-multi-tenant

These articles should help you understand the concept of tenants as it applies to FusionAuth.

I hope this helps!

Thanks,
Josh

How do I query a bunch of Users and their associated data? Is it better to use the API or the UI?

@richb201,

Some of this you may have tried, but could be worth double-checking:

1. Have you tried running your FreeMarker template through a linter to make sure there are no errors that might explain some of the behavior you are seeing?
2. Have you tried printing the full URL on your server (in a debug-like puts/print statement) to verify the presence or absence of an HTTP schema in the link and that the link is not broken?
3. Does the Freemarker template appear as you would like it to when you "preview" (there is a preview button there) the template in FusionAuth under the themes section?

At the moment, I don't have any other suggestions but will post back here once something else comes to mind.

Thanks,
Josh

You can read the release notes here: https://fusionauth.io/docs/v1/tech/release-notes/#version-1-27-0

@trevorr,

Based on what I am seeing here, I don't believe this is an issue with FusionAuth, but if you discover something else, please let us know and we can file a bug report.

As you might have indicated, my instincts are telling me you had a popup rule blocking the required dialogs or that something in Privacy Badger does not like a combination of the "post" and something else about that URL. You could try disabling certain "privacy rules/settings" (not very familiar with Privacy Badger) to see if that alleviates your problem.

Let me know if you find anything further!

Thanks,
Josh

Hi @tl-fa,

You can view our Roadmap Guidance regarding how features are implemented into FusionAuth. A good snapshot of current development can be found here as well.

We will certainly update any related issue cards as development moves forward!

Thanks!
Josh

Hi @nick,

We have a good overview section on why you would select/create a group in FusionAuth below and offers a helpful example.
https://fusionauth.io/docs/v1/tech/core-concepts/groups/#overview

My understanding is that groups will allow you to select a subset of users within your application(s). Very useful if you need to define roles, etc.

I hope this helps!

Thanks,
Josh

@maarten,

Glad that you got this working! If you have any other tips about how you got it working, that might help other users in a similar situation.

Glad it worked out!

Thanks,
Josh

Hi @fred-fred,

The link you have provided is referencing the OIDC protocol which is outlined here in FusionAuth.

I am a bit confused by your use case. What is the primary purpose of FusionAuth in this instance? Are you using an OIDC compliant SSO? If you could elaborate a bit on your current implementation and the steps you would like to have occur, I may be able to offer a few more pointers.

Other reference materials to get you going

You may want to reference our external identity providers and reconcile lambda functionality

• https://fusionauth.io/docs/v1/tech/lambdas/external-jwt-reconcile/
• https://fusionauth.io/docs/v1/tech/lambdas/openid-connect-response-reconcile/
• https://fusionauth.io/docs/v1/tech/identity-providers/external-jwt/

Our Single Sign On(SSO) guides may also be of use to you as well.

• https://fusionauth.io/docs/v1/tech/guides/single-sign-on/

We do have a few examples using Netcore which you can review:

• https://fusionauth.io/docs/v1/tech/example-apps/netcore/

Thanks!
-Josh

@Moonshine,

Glad you found it in our UI!

Thanks,
Josh

Hi @stuart-auld!

I am glad you got this sorted out!

Feel free to log an issue if you feel there is room for improvement based on this experience! That way our dev team can consider this in future iterations of FusionAuth.

https://github.com/FusionAuth/fusionauth-issues/issues/new/choose

Thanks!

Thanks,
Josh

@richb201,

I am not understanding your error fully. Can you please elaborate on what you are experiencing? If you could share error logs that might be helpful.

Alternatively, you may want to review the OAuth2 flow by consulting our documentation. Our five-minute guide covers a basic example for your consideration.

https://fusionauth.io/docs/v1/tech/5-minute-setup-guide/#5-create-an-application-and-configure-the-oauth-settings.

Thanks!

Thanks,
Josh