@mou, Is this what you are looking for? https://fusionauth.io/docs/lifecycle/authenticate-users/application-authentication-tokens
Best posts made by mark.robustelli
-
RE: Missing data.salution in /ouauth/userinfo which replaces /api/user
@kiouplidis I found this in the documentation.
In version 1.50.0 and later, the UserInfo response can be customized with a lambda using the oauthConfiguration.userinfoPopulateLambda value of the application object. See UserInfo populate lambda.
In FusionAuth, you can add custom data to the oauth2/userinfo endpoint response using a Lambda function. This function can add extra claims to the UserInfo response. Here's an example of a simple Lambda function that adds a few extra claims:
function populate(userInfo, user, registration, jwt) { // Add a new claim named 'favoriteColor' from a custom data attribute on the user userInfo.favoriteColor = user.data.favoriteColor; // Add a new claim named 'dept' using a custom data attribute on the registration userInfo.dept = registration.data.departmentName; // Copy a claim named 'applicationId' from the provided JWT userInfo.applicationId = jwt.applicationId; // Create an event log of type 'Debug' when the lambda has Debug enabled console.debug('Added custom claims to the UserInfo response'); }
In this example, the favoriteColor and dept are custom claims added to the UserInfo response. These claims are derived from the custom data attributes on the user and registration respectively.
Please note that the Lambda function needs to be assigned to an application in FusionAuth for it to take effect. -
RE: Salesforce error: Id_Token_Error: Missing or invalid iss
Hello @yuval,
I'm not very familiar with Salesforce but when taking a look at the guide there is a step that says "Scroll down to the Salesforce Configuration section and open the address from Test-Only Initialization URL in an incognito window.". What do you see when you try that?If you are not getting that information, can you please describe in a little more detail what steps you have taken and when you receive the above message about the invalid iss?
-
Security Token Signature Key Not Found Exception: IDX10501: Signature validation failed. Unable to match key
I am running through the Integrate Your .NET 7 Application With FusionAuth quickstart guide and encountered the error listed below.
I think it has to do with following message in the guide:
The script set up a RS256 asymmetric signing key. FusionAuth supports this signing algorithm, but doesn't ship with a default key.How do I add the required key to FusionAuth?
Error Message:
An unhandled exception occurred while processing the request.
SecurityTokenSignatureKeyNotFoundException: IDX10501: Signature validation failed. Unable to match key:
kid: '236bb45e-e88c-4f07-87ff-c93d6fb752a2'.
Number of keys in TokenValidationParameters: '0'.
Number of keys in Configuration: '0'.
Exceptions caught:
''.
token: '{"alg":"HS256","typ":"JWT","gty":["authorization_code"],"kid":"236cc45e-e88c-4f07-87ff-c93d6fb752a2"}.{"aud":"236bb45e-e88c-4f07-87ff-c93d6fb752a2","exp":1687312521,"iat":1687308921,"iss":"acme.com","sub":"e5e4a956-0f9d-4bec-9121-dededb20e00f","jti":"ca5d3d30-ef26-4e48-afcb-d5ba670ac2d4","authenticationType":"PING","email":"myemail@email.com","email_verified":true,"at_hash":"ANWNkB4EA34d0cr1A50zQg","c_hash":"eCEeL-bgcDFkzcpmNT5k9g","scope":"openid profile","nonce":"634229057201762476.ZDQ1NzEzZWMtM2M4OS00ODgxLWI3ZmEtNjJhZWY0MzhlOWYzN2I4ODdhNmQtYTI2OS00OTc0LThhOWEtYzc2OGEzYmIzN2M3","sid":"4fe9dcc0-1ce9-4819-a97a-47c38cb730b8","auth_time":1687308921,"tid":"a51e69f7-520b-6860-2d33-d1e12f797af9"}'. -
RE: 3rd Party Authentication
@it-contracts Hello. I am pretty new to FusionAuth, but my understanding is that you are taking the correct steps. I am not aware of a way to do this within a single call.
Are you simply looking to be more efficient with the calls or is there some reason this workflow will not work for you?
-
Using Analytics to Track Registrations
What is the best way for analytics tracking after a user has successfully registered?
-
RE: 3rd Party Authentication
@it-contracts I apologize for misunderstanding your initial question. You and @kash are correct in that by using FusionAuth, it will appear to be one call from your perspective. However, in the background, FusionAuth will still need to make the same amount of calls to the the access token. And another nice thing about using FusionAuth is that you will be able to add other identity providers in the same way.
-
Multi-Region Cloud Setup
Does FustionAuth support multi-region active-active set-up for cloud services?
-
RE: 3rd Party Authentication
@it-contracts Can you please share the OAuth settings you have for your application? In the Fusion Auth Admin UI select
Applications
. Select Edit or view for your application. Share the OAuth and JWT settings. Be sure to remove any sensitive information before posting here. -
RE: Add User to group not working
@sandesh Thanks for sharing her on the forum. Hope you are able to accomplish your end goal with the APIs.
-
RE: 3rd Party Authentication
@it-contracts, which license did you purchase? If you selected the Essentials Plan you should have access to the Account Portal and may receive support directly through email if this is time sensitive.
-
RE: Membership Data
@sandesh I think I know what is going on. So when you create the group, that data is associated with that group. When you add data to link the user to the group. That data is associated with that user-group connection.
Here are the steps that I hope help make sense of this.
I create a group using the APIs, add accountId and see it in the results
In FusionAuth, I can see:
I then add a user to the group
and don't see the data returned.
When I add, the data to the user creation, I see it returned. Notice I use AccountID2 here to be different.
However, when I go into FusionAuth, I see the data associated with the user-> group
When I query the user, I get the info. Notice AccountID2 in the results.
If I query the group, I get the following. Notice the original AccountId.
I hope this explains it. If not and you want to get the accountID for the group, you should just able to query the group as a work around.
-
RE: Showing Error Message to User in Google Authentication
@it-contracts , if the login for Google fails, then it would be on the "Applicaiton" to show that failure. It could be as simple as a page that displays "User Not Logged In" when trying to access a secure page. I don't think your application should be responsible for displaying the problem with the authentication. You are handling that off to Google in this example. All your application should be concerned with is if the user is authenticated or not.
I'm not going to give the the RTFM manual response, but have you taken a look at any of our quickstarts quickstarts? This one uses Java and Spring time but there many languages. They should all be pretty quick to get through. If you are just interested in seeing it work, there should be a completed application in the
complete-application
folder of the repo.Sometimes, seeing concrete examples helps more than talking hypothetical discussion.
-
RE: NextJS + custom backend (NestJS)
@kasir-barati When you say "I dunno if we can use them to change what Get /me endpoint returns", you might want to check out the UserInfo Populate Lamba.
-
RE: Showing Error Message to User in Google Authentication
@it-contracts, just wanted to check in and see how it is going? Have you been able to accomplish what you were working on?
-
RE: Username as the LoginID for forgot password workflow
@david-4 , Is this what you are looking for? Using Replacement Variables
-
RE: Showing Error Message to User in Google Authentication
@it-contracts Were you able to get the quickstart going? I think once you do that, you can follow https://fusionauth.io/docs/v1/tech/identity-providers/google and that will get you the info you need.
-
RE: SAML redirect change to GET
In the SAML protocol, the Identity Provider (IdP) typically sends the SAML assertion to the Service Provider (SP) via an HTTP POST binding. This is because the SAML response data can be quite large and may exceed the maximum URL length if sent via GET.
FusionAuth, when acting as a SAML IdP, follows this standard practice and sends the SAML assertion to the SP via POST. Currently, there is no configuration option in FusionAuth to change this behavior to use a GET binding instead.
For more details on how FusionAuth handles SAML, you can refer to the FusionAuth SAML documentation.Can you tell us why you need it as a GET?
-
RE: What is the MAU limit in the free plan?
@benlibassinan If you host it, the Community Plan is free for unlimited users. https://fusionauth.io/pricing?step=plan&hosting=self-hosting
-
RE: FusionAuth not persisting user's info
@account what are you using to make the API calls? Have you tried using Postman to see if that is consistent?