RE: Duplicating an application held in 'Tenant1' to 'Tenant2' stays in 'Tenant1'

@francis-ducharme-0 You may have to parse the json returned from the get and modify a few things. Does the application get created but not work or does the application not get created? I would think you would need to take the relevant parts from the returned application then create the application under a new tenant? Remember you will have to use the new TenantId in the Request Header. If you are not supplying the TenantId, it will use the default.

On a side note: If you are still interested in a duplicate application across tenant feature in the API, you might want to put a request in.

@sergey_smirnov, it is awesome that you are able to follow and create steps to replicate the issue. To be 100% I'm not sure if this is a bug or a feature request. If FusionAuth is not behaving as you would like it, I would suggest opening an issue on Github. Be sure to include the details and repeatable steps.

@francis-ducharme-0 Hey, after taking a look, it seems the only way to do it is to get the application you want to use, parse the JSON for the things you want to keep and then format new json for the create. So you can do it, it is just going to take a little extra work. Sorry for the inconvenience.

I'm not sure exactly what you are trying to accomplish, but have you checked out Universal Applications? A bit more documentation on them is available here.

@francis-ducharme-0 I was unable to tinker with this last week, but didn't want you to think I forgot about it. It is still on my list when I have some availability. Will post if/when I find something.

@michaelgaffney278 Is there a reason you would like to keep the existing users on the old hash? It doesn't seem like it. If you would like to rehash all users when they login, please check this out. It talks about rehashing all passwords for a custom hash, but if you select an existing hashing scheme, it should convert it as well. Is this what you are after?

I would think you could migrate all the existing users with your custom hashing, then at some point switch the hash setting and be where you want.

I would test this out before trying in production, but it may do the trick.

@d-chinguun-0301 Interesting use case. Once the user has authenticated, FusionAuth doesn't know much about what the user is doing other than to refresh tokens or log out the user. You could put some logic in the application itself that would help you calculate.

Also, I did come across this post that might give you some ideas too.

Would love to see some screenshots once you get it up and running!

@francis-ducharme-0 It looks like you can do it through the AdminUI and generally if you can do it through the AdminUI, you can do it through the APIs. I should have some time later this week to test this out. If anyone else gets a chance to before then, please let us know.

@lambert-torres You can get support for FusionAuth. Please see the pricing page if you are interested. I'm not sure if this is your exact situation, but you might want to look at this blog post as well.

@witard91335 Interesting, how do you see the flow working? What kind of tags are you trying to track though FusionAuth?

@d-chinguun-0301 Have you tried deleting their session from the Admin UI?

@john-0 Glad you got it figured out.

@sergey_smirnov hmmm..Ok can we verify this is 100% not user action? Can you add some logging to your application so we can see what a user is clicking or starting a new session? Then we can compare with the logs in FusionAuth.

@john-0 If you log into account.fusionauth.io and click on Hosting, you should see your instance listed. From there select Custom URL(s) from the Action drop down. If you do not see those options, you may need other permissions.

@john-0 have you been through the documentation for custom domains? Is there something that is not working for you?

@njanaskie You are correct in that magic links are designed to be a one time use. I do not know of any work around for your situation.

It will be interesting to see if others chime in.

@francesgee836 I came across this open issue that may be of use.

If you are using the Elasticsearch search engine:
You can search for users with active:false to find users who are not active, which typically includes locked users.

If you are using the database search engine:
You cannot directly filter for locked users in the search API. The workaround is to retrieve all users (using a wildcard search) and then filter for active:false in your application code after retrieving the results.

Currently, FusionAuth does not provide a built-in filter specifically for "locked" users distinct from "inactive" users in the API or UI. The active:false filter is the closest available option, and it may include both locked and other inactive users.

@sergey_smirnov I was referring to the application level. Try to disable it there and see if you are still getting the double login.

@ezequiel-rebasa If you are just talking about testing, you could just add some data to the Lambda's to see if it works for your needs. This would allow you to test without having to spin up a second Docker instance. If it does work, then you may need to upgrade or figure out if you can use APIs to update the lambdas in the instances with the data you need.

@sergey_smirnov If you are not using the JWT, can you disable it in the AdminUI?

@fernando-hellwig Check out this piece of documentation on Step-Up Authentication when you get a chance. It sounds like what you are referring to.