@mou, Is this what you are looking for? https://fusionauth.io/docs/lifecycle/authenticate-users/application-authentication-tokens

Best posts made by mark.robustelli
-
RE: Missing data.salution in /ouauth/userinfo which replaces /api/user
@kiouplidis I found this in the documentation.
In version 1.50.0 and later, the UserInfo response can be customized with a lambda using the oauthConfiguration.userinfoPopulateLambda value of the application object. See UserInfo populate lambda.
In FusionAuth, you can add custom data to the oauth2/userinfo endpoint response using a Lambda function. This function can add extra claims to the UserInfo response. Here's an example of a simple Lambda function that adds a few extra claims:
function populate(userInfo, user, registration, jwt) { // Add a new claim named 'favoriteColor' from a custom data attribute on the user userInfo.favoriteColor = user.data.favoriteColor; // Add a new claim named 'dept' using a custom data attribute on the registration userInfo.dept = registration.data.departmentName; // Copy a claim named 'applicationId' from the provided JWT userInfo.applicationId = jwt.applicationId; // Create an event log of type 'Debug' when the lambda has Debug enabled console.debug('Added custom claims to the UserInfo response'); }
In this example, the favoriteColor and dept are custom claims added to the UserInfo response. These claims are derived from the custom data attributes on the user and registration respectively.
Please note that the Lambda function needs to be assigned to an application in FusionAuth for it to take effect. -
RE: Salesforce error: Id_Token_Error: Missing or invalid iss
Hello @yuval,
I'm not very familiar with Salesforce but when taking a look at the guide there is a step that says "Scroll down to the Salesforce Configuration section and open the address from Test-Only Initialization URL in an incognito window.". What do you see when you try that?If you are not getting that information, can you please describe in a little more detail what steps you have taken and when you receive the above message about the invalid iss?
-
Security Token Signature Key Not Found Exception: IDX10501: Signature validation failed. Unable to match key
I am running through the Integrate Your .NET 7 Application With FusionAuth quickstart guide and encountered the error listed below.
I think it has to do with following message in the guide:
The script set up a RS256 asymmetric signing key. FusionAuth supports this signing algorithm, but doesn't ship with a default key.How do I add the required key to FusionAuth?
Error Message:
An unhandled exception occurred while processing the request.
SecurityTokenSignatureKeyNotFoundException: IDX10501: Signature validation failed. Unable to match key:
kid: '236bb45e-e88c-4f07-87ff-c93d6fb752a2'.
Number of keys in TokenValidationParameters: '0'.
Number of keys in Configuration: '0'.
Exceptions caught:
''.
token: '{"alg":"HS256","typ":"JWT","gty":["authorization_code"],"kid":"236cc45e-e88c-4f07-87ff-c93d6fb752a2"}.{"aud":"236bb45e-e88c-4f07-87ff-c93d6fb752a2","exp":1687312521,"iat":1687308921,"iss":"acme.com","sub":"e5e4a956-0f9d-4bec-9121-dededb20e00f","jti":"ca5d3d30-ef26-4e48-afcb-d5ba670ac2d4","authenticationType":"PING","email":"myemail@email.com","email_verified":true,"at_hash":"ANWNkB4EA34d0cr1A50zQg","c_hash":"eCEeL-bgcDFkzcpmNT5k9g","scope":"openid profile","nonce":"634229057201762476.ZDQ1NzEzZWMtM2M4OS00ODgxLWI3ZmEtNjJhZWY0MzhlOWYzN2I4ODdhNmQtYTI2OS00OTc0LThhOWEtYzc2OGEzYmIzN2M3","sid":"4fe9dcc0-1ce9-4819-a97a-47c38cb730b8","auth_time":1687308921,"tid":"a51e69f7-520b-6860-2d33-d1e12f797af9"}'. -
RE: 3rd Party Authentication
@it-contracts Hello. I am pretty new to FusionAuth, but my understanding is that you are taking the correct steps. I am not aware of a way to do this within a single call.
Are you simply looking to be more efficient with the calls or is there some reason this workflow will not work for you?
-
Using Analytics to Track Registrations
What is the best way for analytics tracking after a user has successfully registered?
-
RE: 3rd Party Authentication
@it-contracts I apologize for misunderstanding your initial question. You and @kash are correct in that by using FusionAuth, it will appear to be one call from your perspective. However, in the background, FusionAuth will still need to make the same amount of calls to the the access token. And another nice thing about using FusionAuth is that you will be able to add other identity providers in the same way.
-
Multi-Region Cloud Setup
Does FustionAuth support multi-region active-active set-up for cloud services?
-
RE: 3rd Party Authentication
@it-contracts Can you please share the OAuth settings you have for your application? In the Fusion Auth Admin UI select
Applications
. Select Edit or view for your application. Share the OAuth and JWT settings. Be sure to remove any sensitive information before posting here. -
RE: Add User to group not working
@sandesh Thanks for sharing her on the forum. Hope you are able to accomplish your end goal with the APIs.
Latest posts made by mark.robustelli
-
RE: Doubling of login records
@sergey_smirnov hmmm..Ok can we verify this is 100% not user action? Can you add some logging to your application so we can see what a user is clicking or starting a new session? Then we can compare with the logs in FusionAuth.
-
RE: Configure HTTPS with a custom certificate for our domain
@john-0 If you log into account.fusionauth.io and click on Hosting, you should see your instance listed. From there select Custom URL(s) from the Action drop down. If you do not see those options, you may need other permissions.
-
RE: Configure HTTPS with a custom certificate for our domain
@john-0 have you been through the documentation for custom domains? Is there something that is not working for you?
-
RE: How to implement magic link login across devices
@njanaskie You are correct in that magic links are designed to be a one time use. I do not know of any work around for your situation.
It will be interesting to see if others chime in.
-
RE: How to get all locked users
@francesgee836 I came across this open issue that may be of use.
If you are using the Elasticsearch search engine:
You can search for users with active:false to find users who are not active, which typically includes locked users.If you are using the database search engine:
You cannot directly filter for locked users in the search API. The workaround is to retrieve all users (using a wildcard search) and then filter for active:false in your application code after retrieving the results.Currently, FusionAuth does not provide a built-in filter specifically for "locked" users distinct from "inactive" users in the API or UI. The active:false filter is the closest available option, and it may include both locked and other inactive users.
-
RE: Doubling of login records
@sergey_smirnov I was referring to the application level. Try to disable it there and see if you are still getting the double login.
-
RE: Unable to Obtain Tenant-Signed Access Token for Data-Plane Apps in a Multi-Client, Multi-Application FusionAuth Architecture
@ezequiel-rebasa If you are just talking about testing, you could just add some data to the Lambda's to see if it works for your needs. This would allow you to test without having to spin up a second Docker instance. If it does work, then you may need to upgrade or figure out if you can use APIs to update the lambdas in the instances with the data you need.
-
RE: Doubling of login records
@sergey_smirnov If you are not using the JWT, can you disable it in the AdminUI?
-
RE: Step-up authentication trustChallenge/trustToken binding and validation for custom APIs
@fernando-hellwig Check out this piece of documentation on Step-Up Authentication when you get a chance. It sounds like what you are referring to.
-
RE: Send email to set up password - This feature is currently not enabled, see the tenant email configuration
@nate Can you successfully Send test email from Tenants -> Select Edit from desired Tenant -> Email in the AdminUI? This will test if your SMTP settings are correct.