Will create an issue on GH and update you guys here too.
Posts made by kasir-barati
-
RE: why "client_id" is passed down in query param in "/app/login" endpoint while it is being read from config file in backend for "app/callback" endpoint
-
RE: Specifying password during user registration.
Hey @dan,
Thanks for sharing the invaluable insights. Just one question remains in my mind and that is when to get the user to verify their email address in this method of setting their password in one shot?
Should I set any flag to indicate to FusionAuth to send an email to user for email verification?
My use case is like this:
- User opens mobile app
- They will register through my app by sending their name, family, email address, and password.
- In my backend I get their req and as aforementioned I am passing those fields to the FusionAuth client (I am using @fusionauth/typescript-client)
Now I am not sure how to config or let FusionAuth know that it should send an email to the user's entered email address containing a one time use link to verify their email address so that I can be sure they've verified their email address and probably have some sort of law enforcement or restriction based on verified email addresses and not ones.
Many thanks for your support.
-
RE: why "client_id" is passed down in query param in "/app/login" endpoint while it is being read from config file in backend for "app/callback" endpoint
This is what "Ask AI" had to offer:

The `client_id` is passed as a query parameter in the `/app/login` endpoint to identify the application that is initiating the login request. This is necessary because FusionAuth needs to know which application's configuration to use when processing the login request. The `client_id` is a unique identifier for your application in FusionAuth.

On the other hand, in the backend for the `/app/callback` endpoint, the `client_id` is read from the configuration file because this is the server-side part of your application. Here, the `client_id` is used to authenticate your application to FusionAuth when it makes API calls. This is typically done in a secure server environment where the `client_id` can be safely stored and kept secret.

In summary, the `client_id` is used in both contexts but for slightly different purposes. In the `/app/login` endpoint, it's used to identify the application making the request, while in the `/app/callback` endpoint, it's used to authenticate the application to FusionAuth.

Although it did not satisfy me at all, it raised another question by saying, and I quote, "in a secure server environment where the `client_id` can be safely stored and kept secret." What in the world?

Talk about double standard, when frontend wanted to send it in `/app/login` it is safe and secure but when it comes to `/app/callback` backend is safe?

Does that mean that we can use different `client_id`s? Of course not. Or at least that is my understanding.
-
RE: Will I be able to set custom claims on self hosted free version?
@dsmurrell Dunno about this hasura but I am doing it in a self hosted FusionAuth. I am using Docker and dockerize FusionAuth.
Maybe better to contact their customer support
-
why "client_id" is passed down in query param in "/app/login" endpoint while it is being read from config file in backend for "app/callback" endpoint
Hi dear reader,
I am implementing the backend to comply with `@fusionauth/react-sdk` lib specification. But right now I am pretty confused about the reason we are passing along `client_id` from our ReactJS application (see here).

Then in our backend we are reading it: https://github.com/FusionAuth/fusionauth-javascript-sdk-express/blob/main/routes/login.js#L12
Fair enough and I could relate to that, we might want to let client to specify client_id to be more flexible in terms of being able to serve different clients.
But then I went ahead and tried to implement the next endpoint which is necessary: `/app/callback`. There I was shocked, why in the world are we reading the client_id from a config file that is in backend?

I am just at a loss at this point to be honest. This implementation does not make sense to me at all. I thought it might be a bug and went for creating a new issue for the lib but then decided to ask it first here and if no one answered my call I'll create one.
-
RE: Robots.txt file at FusionAuth root location?
@ronn316 Nice, please mark the thread as resolved so that others know what was the answer for you.
Thanks
-
RE: iss is https://localhost:9011 and not http://localhost:9011
My bad, I was misconfiguring my FusionAuth instance and at the same time banging my head against a brick wall.
So who answered my question? FusionAuth Docs AI.
The `iss` or `issuer` claim in FusionAuth is a URL that identifies the principal that issued the JWT. The `issuer` claim is a case-sensitive string containing a string or URI value. The processing of this claim is generally application-specific.
In FusionAuth, the issuer claim can be set in two ways:
- You can set it in the tenant configuration, where it will apply for all JWTs issued for that tenant. You can modify this by navigating to "Tenants", then your tenant, then "General". Here, you can modify the "Issuer" field value.
- You can set it at the individual JWT level by modifying the JWT populate lambda. You would do this if you wanted to have a different issuer based on some information from the user or registration data.
The issuer claim is typically set to the URL of your FusionAuth instance. For example, `https://local.fusionauth.io` or `http://localhost:9011`. The choice between `http` and `https` depends on whether your FusionAuth instance is set up to use SSL or not. If it is, then `https` should be used. If not, http can be used.
In the case of `https://localhost:9011`, this means that the FusionAuth instance is set up to use SSL and is running on the local machine on port `9011`.

Although it was not completely correct, its first suggestion was right on the money. I am configuring FusionAuth using `Terraform/OpenTofu`. And there I was passing the wrong value to issuer. Learn more here: https://registry.terraform.io/providers/fusionauth/fusionauth/latest/docs/resources/tenant

So I was passing `https://localhost:9011`.
-
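The mismatch this post describes, as an added example that is not part of the original post and is not FusionAuth or client-library code: a backend check that compares a token's `iss` with the issuer it expects as an exact string and, on mismatch, reports which URL part differs. The names `checkIssuer` and `sampleToken` are hypothetical, the token is constructed, and signature validation is assumed to happen separately before this check.

```javascript
// Added example. Assumes the signature was already validated elsewhere.
function b64urlJson(segment) {
  const b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

function toB64url(obj) {
  return Buffer.from(JSON.stringify(obj)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

// Constructed sample token: real header/payload encoding, placeholder signature.
function sampleToken(iss) {
  const header = toB64url({ alg: 'HS256', typ: 'JWT' });
  const payload = toB64url({ iss, sub: 'constructed-user', exp: 4102444800 });
  return `${header}.${payload}.constructed-signature`;
}

// iss must equal the expected issuer exactly (case-sensitive string compare).
// On mismatch, name the URL component(s) that differ to speed up diagnosis.
function checkIssuer(jwt, expectedIssuer) {
  const parts = jwt.split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed-jwt' };
  let iss;
  try { iss = b64urlJson(parts[1]).iss; }
  catch { return { ok: false, reason: 'malformed-jwt' }; }
  if (typeof iss !== 'string') return { ok: false, reason: 'missing-iss' };
  if (iss === expectedIssuer) return { ok: true, iss };
  let a, b;
  try { a = new URL(iss); b = new URL(expectedIssuer); }
  catch { return { ok: false, iss, reason: 'not-a-url' }; }
  const diff = [];
  if (a.protocol !== b.protocol) diff.push('scheme');
  if (a.hostname !== b.hostname) diff.push('host');
  if (a.port !== b.port) diff.push('port');
  if (a.pathname !== b.pathname) diff.push('path');
  // URLs parse the same but strings differ (e.g. trailing slash, letter case)
  if (diff.length === 0) diff.push('exact-string');
  return { ok: false, iss, reason: 'issuer-mismatch', diff };
}

// Tenant issuer set to https://..., backend expecting http://...
console.log(checkIssuer(sampleToken('https://localhost:9011'), 'http://localhost:9011'));
```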
iss is https://localhost:9011 and not http://localhost:9011
Hey guys,
Explaining what I am doing
I am validating my `access_token` and `id_token` with FusionAuth by calling this `validateJWT` (I think internally it calls this endpoint) from Typescript client. It returns `https://localhost:9011` as the jwt's issuer while I think it should be `http://localhost:9011`.

What is the source of confusion for me?
Now I am not sure what is happening here and why `iss`'s protocol is `HTTPS` and not your normal `HTTP`. Do I have to explicitly tell FusionAuth to use which protocol somewhere when I am configuring it with `Terraform/OpenTofu` or `kickstart.json`?

Any idea?
Need to see my `terraform/opentofu`'s conf? Here it is: https://github.com/kasir-barati/you-say
-
RE: how to implement user invitation
Thanks @dan ,
so in other words you're saying to manage who invited who* in my own app; things like keeping this data.
Now that I think about it this makes more sense since then I have more control over it and can change its implementation however I want in the future. Besides FusionAuth is all about Auth and not my business models.
*Let's assume we have a referral program in place
-
RE: Robots.txt file at FusionAuth root location?
@ronn316 Could not you just config it at a much higher level, somewhere like in your proxy which stands between your self-hosted FusionAuth instance and the outside world. I am saying that because while I was trying to figure out a way to show a different favicon I stumbled upon this Q&A.
Hopefully this will help you.
-
RE: FusionAuth theme template triggering 404 errors on SP server
Personally cannot help you much since I have not deployed my monorepo on a server to see how FusionAuth behaves but I think it would be easier for others to assist you and understand it if you could share a reproducible repo or something of that sort.
-
Tenant name is tenant UUID even though Terraform is stating name
Hi dear community,
I have this monorepo in which I am using FusionAuth, so far so good; I can start FusionAuth service with Docker and everything but one small issue is bugging me, why tenant name is the UUID which I am giving as dev env when I am applying my terraform script. So weird and unreasonable.
Steps to reproduce:
1. Clone the repo.
2. Run `docker compose -f fusionauth.docker-compose.yml up -d`.
3. Run `curl --connect-timeout 5 --retry 5 --retry-delay 5 --retry-all-errors -f http://0.0.0.0:9011/api/status` and wait for it to return `{status: "OK"}`.
4. Run `terraform -chdir=deployment init -var-file=./dev.tfvars`.
5. Run `terraform -chdir=deployment plan -var-file=./dev.tfvars`.
6. Run `terraform -chdir=deployment apply -var-file=./dev.tfvars`.
7. OPTIONAL: if you like to see the custom theme configured with terraform you need to reapply the same plan; just run the last command once more*.
8. Open your favorite browser and go to `localhost:9011/admin`.
9. Enter `admin@admin.com` as email and `adminadmin` as your password.
10. Open the tenants tab and there you have it:
Super important: I said that step 7 is optional, what I was trying to communicate with that was that it does not make a difference whether you apply the same planned terraform once or more than one time, the result stays the same.
Any help would be more than welcome.
*This is also another mystery that is inviting me to the world of unknown to discover why and how is Terraform configuring Custom theme that I need to reapply to see my custom theme. Though it is unrelated to the topic of this post.
-
RE: Favicon
I found out that these are the ones I need to map, although when I mapped only `favicon-128.png` it worked as well, so not sure completely but to some extent I know that these are the ones we need to map:

```
/usr/local/fusionauth/fusionauth-app/web/static/images/favicon-128.png
/usr/local/fusionauth/fusionauth-app/web/static/images/favicon-16x16.png
/usr/local/fusionauth/fusionauth-app/web/static/images/favicon-32x32.png
/usr/local/fusionauth/fusionauth-app/web/static/images/favicon-96x96.png
```

But IDK exactly what `/usr/local/fusionauth/fusionauth-app/web/static/favicon.png` is being used for. Anyhow, I've decided to ignore it for the time being and later (if something happened) maybe will change my mind.

`Dockerfile` for those who might be also interested in my FusionAuth version

```dockerfile
FROM fusionauth/fusionauth-app:1.45.3

USER root

# Install curl
RUN apt-get update && \
    apt-get install -y curl && \
    rm -rf /var/lib/apt/lists/*

USER fusionauth

COPY ./apps/frontend/public/favicon.ico /usr/local/fusionauth/fusionauth-app/web/static/images/favicon-128.png
COPY ./apps/frontend/public/favicon.ico /usr/local/fusionauth/fusionauth-app/web/static/images/favicon-16x16.png
COPY ./apps/frontend/public/favicon.ico /usr/local/fusionauth/fusionauth-app/web/static/images/favicon-32x32.png
COPY ./apps/frontend/public/favicon.ico /usr/local/fusionauth/fusionauth-app/web/static/images/favicon-96x96.png
```

For more details look at my repo & give it a star if you found it useful.
-
RE: Favicon
Hi, I came across this. I guess for prod we will have some sort of proxy in front of our NextJS but just out of curiosity and also love to see it in my local dockerized FusionAuth I dug for like 15 min and found out we have quite a lot of favicons in FusionAuth container, so will you help me to figure it out which one is it?
/usr/local/fusionauth/fusionauth-app/web/static/favicon.png
/usr/local/fusionauth/fusionauth-app/web/static/images/
favicon-128.png
favicon-16x16.png
favicon-32x32.png
favicon-96x96.png
Or maybe all of them?
Have any idea @dan @dmitry-karpik?
-
RE: how to implement user invitation
Hey @dan,
Great topic to discuss actually. Though I cannot think of a website that wanted to limit their user to be able to invite users each time with a new invitation code. To me it sounds like overkill*, I very much like to have one (if possible customizable) invitation code. So if we even introduced incentives they will have more freedom to make invitation code that reflects their brands.
Any comment?
*Correct me if I am wrong though, I am assuming that you want to gen a new invitation code for a user after they used it once to invite somebody and now want to invite someone else
-
RE: Redirect from the password complete page?
Hey FusionAuth fans,
I've just come up with a brilliant idea, why not utilize theme message? I have working example here. Just a quick run down on what I have done there:
- I am adding a new message key-value pair to my default custom theme called `frontend-app-url`. Implemented in a terraform resource named `custom-theme`. It is a bit hacky of course.
- I am using it in my `change-password-complete.ftl`
And this way I worked my way around it
Hopefully this will help you, do not hesitate to give this repo a star in GitHub.
-
RE: Connection refused when I try to register a new user with @fusionauth/typescript-client
Hey folks,
Coming from the future. I just decided to change my `docker-compose.yml` to use `network_mode: host` therefore my former comment is no longer valid. Please look at my monorepo on how I am utilizing Terraform, Docker, mailcatcher as my local SMTP, NestJS, and NextJS.

I also wrote a couple of `README.md`s here and there for future references.

Feel free to give it a star on GitHub and or better yet use it.
-
RE: Unable to send email via JavaMailPrime Messaging Exception
I had the same issue with SMTP and how to configure it. I can confirm that most likely it is an issue with how you have configured your SMTP and FusionAuth.
BTW I have created this monorepo which utilizes FusionAuth, Docker, mailcatcher, NestJS, and NextJS. Check how I wrote `fusionauth.docker-compose.yml` and how terraform is configuring FusionAuth. I also jot down here and there some infos about them, so if you like you can definitely read `README.md` files.

I also appreciate it if you give it a star on GitHub.
-
RE: Connection refused when I try to register a new user with @fusionauth/typescript-client
I had to access fusionauth instance with its service name and not `localhost`. Just look at my `.env.example` to understand what was wrong.
-
RE: Connection refused when I try to register a new user with @fusionauth/typescript-client
I guess I found out the issue, it was related to docker and networking, it seems that when I run the nodejs app on its own on my local env and just dockerize fusionauth and its stack it is working but now when I dockerize my nodejs app alongside the fusionauth. Any idea on what is wrong?