@mou, Is this what you are looking for? https://fusionauth.io/docs/lifecycle/authenticate-users/application-authentication-tokens
![](/community/forum/assets/uploads/profile/uid-2507/2507-profileavatar-1691168005047.png)
mark.robustelli
@mark.robustelli
Best posts made by mark.robustelli
-
RE: Salesforce error: Id_Token_Error: Missing or invalid iss
Hello @yuval,
I'm not very familiar with Salesforce but when taking a look at the guide there is a step that says "Scroll down to the Salesforce Configuration section and open the address from Test-Only Initialization URL in an incognito window.". What do you see when you try that?If you are not getting that information, can you please describe in a little more detail what steps you have taken and when you receive the above message about the invalid iss?
-
Security Token Signature Key Not Found Exception: IDX10501: Signature validation failed. Unable to match key
I am running through the Integrate Your .NET 7 Application With FusionAuth quickstart guide and encountered the error listed below.
I think it has to do with following message in the guide:
The script set up a RS256 asymmetric signing key. FusionAuth supports this signing algorithm, but doesn't ship with a default key.How do I add the required key to FusionAuth?
Error Message:
An unhandled exception occurred while processing the request.
SecurityTokenSignatureKeyNotFoundException: IDX10501: Signature validation failed. Unable to match key:
kid: '236bb45e-e88c-4f07-87ff-c93d6fb752a2'.
Number of keys in TokenValidationParameters: '0'.
Number of keys in Configuration: '0'.
Exceptions caught:
''.
token: '{"alg":"HS256","typ":"JWT","gty":["authorization_code"],"kid":"236cc45e-e88c-4f07-87ff-c93d6fb752a2"}.{"aud":"236bb45e-e88c-4f07-87ff-c93d6fb752a2","exp":1687312521,"iat":1687308921,"iss":"acme.com","sub":"e5e4a956-0f9d-4bec-9121-dededb20e00f","jti":"ca5d3d30-ef26-4e48-afcb-d5ba670ac2d4","authenticationType":"PING","email":"myemail@email.com","email_verified":true,"at_hash":"ANWNkB4EA34d0cr1A50zQg","c_hash":"eCEeL-bgcDFkzcpmNT5k9g","scope":"openid profile","nonce":"634229057201762476.ZDQ1NzEzZWMtM2M4OS00ODgxLWI3ZmEtNjJhZWY0MzhlOWYzN2I4ODdhNmQtYTI2OS00OTc0LThhOWEtYzc2OGEzYmIzN2M3","sid":"4fe9dcc0-1ce9-4819-a97a-47c38cb730b8","auth_time":1687308921,"tid":"a51e69f7-520b-6860-2d33-d1e12f797af9"}'. -
RE: 3rd Party Authentication
@it-contracts Hello. I am pretty new to FusionAuth, but my understanding is that you are taking the correct steps. I am not aware of a way to do this within a single call.
Are you simply looking to be more efficient with the calls or is there some reason this workflow will not work for you?
-
Using Analytics to Track Registrations
What is the best way for analytics tracking after a user has successfully registered?
-
RE: 3rd Party Authentication
@it-contracts I apologize for misunderstanding your initial question. You and @kash are correct in that by using FusionAuth, it will appear to be one call from your perspective. However, in the background, FusionAuth will still need to make the same amount of calls to the the access token. And another nice thing about using FusionAuth is that you will be able to add other identity providers in the same way.
-
Multi-Region Cloud Setup
Does FustionAuth support multi-region active-active set-up for cloud services?
-
RE: 3rd Party Authentication
@it-contracts Can you please share the OAuth settings you have for your application? In the Fusion Auth Admin UI select
Applications
. Select Edit or view for your application. Share the OAuth and JWT settings. Be sure to remove any sensitive information before posting here. -
RE: Add User to group not working
@sandesh Thanks for sharing her on the forum. Hope you are able to accomplish your end goal with the APIs.
-
RE: 3rd Party Authentication
@it-contracts, which license did you purchase? If you selected the Essentials Plan you should have access to the Account Portal and may receive support directly through email if this is time sensitive.
Latest posts made by mark.robustelli
-
RE: Passwordless Login Questions
@alan-rutter When it comes to account recovery in a passwordless login system, the most recommended method is to use a self-service approach. This means allowing users to recover their accounts themselves, which not only saves administrative costs but also saves the user's time. The simplest form of account recovery, and the one most amenable to automation, is a “forgot password” flow. This should be part of any Customer Identity and Access Management (CIAM) system.
In the context of passwordless authentication, this could involve sending a one-time code or a magic link to the user's registered email or phone number. The user can then use this code or link to authenticate themselves and regain access to their account. This method is secure and user-friendly, as it does not require the user to remember any passwords.
For more information, you can refer to these articles on account recovery and passwordless authentication.
-
RE: Correct role for login records
@david-gonzalez I created a new user
test@test.com
and added the FusionAuth Registration. I granted it the Report Viewer role and was able to log in and see recent logins on the Dashboard. (I assume that is what you are talking about.) I got curious and removed the Report Viewer role and added the Event log viewer role. That allowed the test user to see the Dashboard as well. Will one of those two roles work for you? -
RE: Not getting enough details using Google Oauth
@prince-b What scopes are you requesting?
-
RE: E-mail template macros
@zaalbarxx Currently, FusionAuth does not support the use of macros for reusing content across different email templates. There is an
open issue on GitHub discussing this feature. I suggest you up vote it. -
RE: Unsuccsesfull attempt to implement invitation flow.
@mou Have you thought about setting up a separate application for the "Invited" users, then the work flow could be about registering. Once they complete registration and setting of the password, you could grant them access to the main application through the APIs and redirect them. That would allow you to keep the messaging different for the invited users and existing users.
-
RE: Username as the LoginID for forgot password workflow
@david-4 , Is this what you are looking for? Using Replacement Variables
-
RE: Upgrading from 1.46.0 to 1.47.1 CSRF token issue with IdP
@tvdlooy Is there anything in the logs that refers to this issue?
-
RE: Angular and .NET - totally confused
@alan-rutter , Totally understandable. We are going to try to put together a sample that should help make sense of things. Will get back when we have something.
-
RE: NextJS + custom backend (NestJS)
@kasir-barati When you say "I dunno if we can use them to change what Get /me endpoint returns", you might want to check out the UserInfo Populate Lamba.
-
RE: Angular and .NET - totally confused
@alan-rutter Please forgive me if I am over simplifying, but if you use the Authorization Code Flow, FusionAuth will write a cookie with the JWT. From there, when you make an API call, the cookie should be sent and you can interrogate the JWT for access. Does that make sense?