FusionAuth
    • Home
    • Categories
    • Recent
    • Popular
    • Pricing
    • Contact us
    • Docs
    • Login
    1. Home
    2. mark.robustelli
    • Profile
    • Following 0
    • Followers 0
    • Topics 16
    • Posts 375
    • Best 23
    • Controversial 0
    • Groups 3

    mark.robustelli

    @mark.robustelli

    24
    Reputation
    38
    Profile views
    375
    Posts
    0
    Followers
    0
    Following
    Joined Last Online

    mark.robustelli Unfollow Follow
    FAQ Posters FusionAuth administrators

    Best posts made by mark.robustelli

    • RE: Implementing GitHub-like "Personal Access Tokens"

      @mou, Is this what you are looking for? https://fusionauth.io/docs/lifecycle/authenticate-users/application-authentication-tokens

      posted in Q&A
      mark.robustelliM
      mark.robustelli
    • RE: Missing data.salution in /ouauth/userinfo which replaces /api/user

      @kiouplidis I found this in the documentation.

      In version 1.50.0 and later, the UserInfo response can be customized with a lambda using the oauthConfiguration.userinfoPopulateLambda value of the application object. See UserInfo populate lambda.

      In FusionAuth, you can add custom data to the oauth2/userinfo endpoint response using a Lambda function. This function can add extra claims to the UserInfo response. Here's an example of a simple Lambda function that adds a few extra claims:

      function populate(userInfo, user, registration, jwt) {
        // Add a new claim named 'favoriteColor' from a custom data attribute on the user
        userInfo.favoriteColor = user.data.favoriteColor;
        // Add a new claim named 'dept' using a custom data attribute on the registration
        userInfo.dept = registration.data.departmentName;
        // Copy a claim named 'applicationId' from the provided JWT
        userInfo.applicationId = jwt.applicationId;
        // Create an event log of type 'Debug' when the lambda has Debug enabled
        console.debug('Added custom claims to the UserInfo response');
      }
      

      In this example, the favoriteColor and dept are custom claims added to the UserInfo response. These claims are derived from the custom data attributes on the user and registration respectively.
      Please note that the Lambda function needs to be assigned to an application in FusionAuth for it to take effect.

      posted in Release
      mark.robustelliM
      mark.robustelli
    • RE: Salesforce error: Id_Token_Error: Missing or invalid iss

      Hello @yuval,
      I'm not very familiar with Salesforce but when taking a look at the guide there is a step that says "Scroll down to the Salesforce Configuration section and open the address from Test-Only Initialization URL in an incognito window.". What do you see when you try that?

      If you are not getting that information, can you please describe in a little more detail what steps you have taken and when you receive the above message about the invalid iss?

      posted in General Discussion
      mark.robustelliM
      mark.robustelli
    • Security Token Signature Key Not Found Exception: IDX10501: Signature validation failed. Unable to match key

      I am running through the Integrate Your .NET 7 Application With FusionAuth quickstart guide and encountered the error listed below.

      I think it has to do with following message in the guide:
      The script set up a RS256 asymmetric signing key. FusionAuth supports this signing algorithm, but doesn't ship with a default key.

      How do I add the required key to FusionAuth?

      Error Message:
      An unhandled exception occurred while processing the request.
      SecurityTokenSignatureKeyNotFoundException: IDX10501: Signature validation failed. Unable to match key:
      kid: '236bb45e-e88c-4f07-87ff-c93d6fb752a2'.
      Number of keys in TokenValidationParameters: '0'.
      Number of keys in Configuration: '0'.
      Exceptions caught:
      ''.
      token: '{"alg":"HS256","typ":"JWT","gty":["authorization_code"],"kid":"236cc45e-e88c-4f07-87ff-c93d6fb752a2"}.{"aud":"236bb45e-e88c-4f07-87ff-c93d6fb752a2","exp":1687312521,"iat":1687308921,"iss":"acme.com","sub":"e5e4a956-0f9d-4bec-9121-dededb20e00f","jti":"ca5d3d30-ef26-4e48-afcb-d5ba670ac2d4","authenticationType":"PING","email":"myemail@email.com","email_verified":true,"at_hash":"ANWNkB4EA34d0cr1A50zQg","c_hash":"eCEeL-bgcDFkzcpmNT5k9g","scope":"openid profile","nonce":"634229057201762476.ZDQ1NzEzZWMtM2M4OS00ODgxLWI3ZmEtNjJhZWY0MzhlOWYzN2I4ODdhNmQtYTI2OS00OTc0LThhOWEtYzc2OGEzYmIzN2M3","sid":"4fe9dcc0-1ce9-4819-a97a-47c38cb730b8","auth_time":1687308921,"tid":"a51e69f7-520b-6860-2d33-d1e12f797af9"}'.

      posted in Q&A
      mark.robustelliM
      mark.robustelli
    • RE: 3rd Party Authentication

      @it-contracts Hello. I am pretty new to FusionAuth, but my understanding is that you are taking the correct steps. I am not aware of a way to do this within a single call.

      Are you simply looking to be more efficient with the calls or is there some reason this workflow will not work for you?

      posted in General Discussion
      mark.robustelliM
      mark.robustelli
    • Using Analytics to Track Registrations

      What is the best way for analytics tracking after a user has successfully registered?

      posted in Q&A
      mark.robustelliM
      mark.robustelli
    • RE: 3rd Party Authentication

      @it-contracts I apologize for misunderstanding your initial question. You and @kash are correct in that by using FusionAuth, it will appear to be one call from your perspective. However, in the background, FusionAuth will still need to make the same amount of calls to the the access token. And another nice thing about using FusionAuth is that you will be able to add other identity providers in the same way.

      posted in General Discussion
      mark.robustelliM
      mark.robustelli
    • Multi-Region Cloud Setup

      Does FustionAuth support multi-region active-active set-up for cloud services?

      posted in Q&A
      mark.robustelliM
      mark.robustelli
    • RE: 3rd Party Authentication

      @it-contracts Can you please share the OAuth settings you have for your application? In the Fusion Auth Admin UI select Applications. Select Edit or view for your application. Share the OAuth and JWT settings. Be sure to remove any sensitive information before posting here.

      posted in General Discussion
      mark.robustelliM
      mark.robustelli
    • RE: Add User to group not working

      @sandesh Thanks for sharing her on the forum. Hope you are able to accomplish your end goal with the APIs.

      posted in Q&A
      mark.robustelliM
      mark.robustelli

    Latest posts made by mark.robustelli

    • RE: Why is the kickstart not running when I spin up the docker container?

      First check out the information you are getting from the docker log. Look at the log from the spin up and search for "kickstart." Was the container able to find the kickstart.json file? (In this case yes.)

      If the kickstart file was found, continue searching through the log for a potential error in the running of the kickstart. You might see something like.

      fusionauth-1  | 2025-07-02 05:14:05.177 PM ERROR io.fusionauth.api.service.system.kickstart.KickstartRunner - Failed to execute request to [PATCH][/api/user/registration/000000000001] Status [404]
      fusionauth-1  | Request body:
      fusionauth-1  | {
      fusionauth-1  |   "registration" : {
      fusionauth-1  |     "applicationId" : "e72dca1d-626c-4f4b-8f36-b7c8c2c0af33"
      fusionauth-1  |   }
      fusionauth-1  | }
      fusionauth-1  | 2025-07-02 05:14:05.177 PM ERROR io.fusionauth.api.service.system.kickstart.KickstartRunner - Error response:
      fusionauth-1  | null
      

      This will let you know there was an error and you need to resolve it. In this specific case, The PATCH request should have been a POST. Once that was changed, the kickstart ran fine.

      posted in Frequently Asked Questions (FAQ)
      mark.robustelliM
      mark.robustelli
    • Why is the kickstart not running when I spin up the docker container?

      When trying to create a kickstart, it's not getting used when i run docker compose. How can I fix it?

      posted in Frequently Asked Questions (FAQ)
      mark.robustelliM
      mark.robustelli
    • RE: Populate the First Name and Last Name when logging in with Google.

      @jakub-hajto , you may want to check out the Google Reconcile Lambda documentation. I also found this post that may be useful for you.

      posted in Q&A
      mark.robustelliM
      mark.robustelli
    • RE: Email verification fails in new incognito mode

      @pocfused What versions of FusionAuth are you using? I saw this post that may account for this issue.

      posted in Q&A
      mark.robustelliM
      mark.robustelli
    • RE: Doubling of login records

      @sergey_smirnov OK. It doesn't seem like the webhook you are using would cause the duplicate logins. I came across this post stating that exchanging a refresh token counts as a login event. I'm wondering if something like the user logins in using a new tab, then goes back to the old tab that triggers a refresh. If that is the case, that could account for the delay between logins and the "Something doesn't seem right" message as that session is no longer valid because of the new login. You might be able to verify this by using a webhook. There is a JWT.Refresh event that you might be able to log somewhere to see if it fires around the time of the duplicate log ins.

      posted in General Discussion
      mark.robustelliM
      mark.robustelli
    • RE: Doubling of login records

      @sergey_smirnov OK, I did some investigating and here is what I have found.

      1. SSO, I saw a reference to a post that mentions using SSO will create multiple session records (but shouldn't necessarily cause multiple login events). Are you using SSO?
      1. Are you using any Lambda's? In some versions (notably 1.31.0), a bug caused the OIDC reconcile lambda to be called twice during certain identity provider logins, which could result in duplicate processing and potentially duplicate events. This was patched in version 1.32.1.

      2. Are you using any Webhooks?

      3. Are you using an external IdP?

      These are just a couple of things to consider.

      posted in General Discussion
      mark.robustelliM
      mark.robustelli
    • RE: SAML CSRF token issue

      @joseantonio Ah OK. That makes sense. I couldn't find much detail on how the saml.csrf cookie works. It does seem plausible that when a new window is open that a value could change that could be causing this problem. If it is causing you problems, it may be work opening a new issue.

      posted in Q&A
      mark.robustelliM
      mark.robustelli
    • RE: SAML CSRF token issue

      @joseantonio said in SAML CSRF token issue:

      also start the authorization process there

      What do you mean by "Also start the authorization process there?" Manually open a new tab (tab B) and paste in the URL " /oauth2/authorize"?

      If you enable debugging on the SAML tab for the Application in FusionAuth, do the logs indicate anything interesting?

      posted in Q&A
      mark.robustelliM
      mark.robustelli
    • RE: Doubling of login records

      @sergey_smirnov Hmm, the 10 sec between the logs does lead me to similar speculation that it is being caused by the user. I would think they would be closer together if it was something the application was doing on its own (although I am not entirely ready to rule that out either).

      That being said, it seems like just guessing unless you can get the application logs and trace the users page views for sure. Is that possible?

      There is a setting in the Tenants for the Session timeout.
      Tenants -> Edit -> OAuth tab -> Session timeout

      Screenshot 2025-06-26 at 8.46.22 AM.png

      Let me know if you are able to log the users page views.

      posted in General Discussion
      mark.robustelliM
      mark.robustelli
    • RE: Doubling of login records

      @sergey_smirnov You won't find the web requests in the FA dashboard, but you can enable debugging for Oauth in the application and see if that gives you more details in the System -> Even Log.

      Screenshot 2025-06-25 at 11.44.29 AM.png

      posted in General Discussion
      mark.robustelliM
      mark.robustelli