RE: Pass value from API to webhook

@alexandros-nafas , were you able to figure it out?

@alexandros-nafas are you trying to make an update through the API then reflect that value of are you trying to pass a value in the URL and get that? It may help to give an example.

@johnmiller It looks like the issue is that the 'retrieve a user via JWT' functionality was removed in 1.60.0. (It appears the User API JWT authentication method was deprecated in version 1.50.0. An issue has been filed to remove it from the client libraries.

Thank you from bringing this to light.

@rachel-flatt OK, it looks like your application is using the JWT setttings from the Tenant. You can go to the Admin UI select Tenants -> Find the tenant your application is under -> Select Edit and go to the JWT tab. You should find the settings there.

@johnmiller Can you please share a code snippet of the call? I will try to recreate and see if we can figure something things out.

@Ruka , this seems like something that should be reported as an issue.

@patrick_ag Is this just when you are loading the page or are you trying to take some action?

@rachel-flatt It is odd that you do not see the page. Are you an admin user? Can you post a screenshot with what you do see? (Please be sure to redact secrets and private information)

@oliver-muthusami hmmm. I did some poking around Microsoft's documentation and found this.

The inclusion of the refresh token in the response can depend on several factors, including the specific configuration of your application and the scopes requested during the authorization process. If you expect to receive a refresh token in the response but fail to, consider the following factors:

Scope requirements: Ensure that you're requesting the offline_access scopes along with any other necessary scopes.
Authorization grant type: The refresh token is provided when using the authorization code grant type. If your flow differs, the response can be affected.
Client configuration: Check your application's settings in the identity platform. Certain configurations may restrict the issuance of refresh_tokens.

Are you sure you have Entra configured correctly?

@oliver-muthusami Awesome that you got what you need. Thanks for reaching out and letting us know!

@dalamenona This error is coming from Prometheus right? Is there a way to get it to tell you which metric is being reported? If not, could you set up a network monitor and capture the traffic that is being sent to narrow down the metric being sent by FusionAuth that is causing the problem? Maybe then we can look into why FusionAuth is sending the conflicting data.

@oliver-muthusami Have you looked at what Entra ID returns in the reconcile lambda?

@dalamenona I see your point about the Database_primary_pool_MaxConnections being set to 20 on the value for usage being reported above that. Browsing around the web, I came across something that said Database_primary_pool_Usage is over the lifetime of the application, but can't seem to find the source now. You also make a valid point about around the other data defenitions. It may make sense to do a deeper dive into HikariCP sources in general. There may be some answers there.

Anyone here familiar with these numbers?

It may also make sense for you to open an issue with FusionAuth as it is not clear to me if these numbers are coming from FusionAuth or HikariCP.

@fabio-venturi I am not familiar with Prometheus, but I asked the AI on the FusionAuth site and it came back with.

Database_primary_pool_Usage is a Prometheus metric exposed by FusionAuth which reports how much of the primary database connection pool is currently in use. It lets you see whether your HikariCP pool is close to exhaustion and is useful for capacity and health monitoring. [Monitor Prometheus]

In the Prometheus UI you can graph it by entering Database_primary_pool_Usage in the expression box and executing the query. [Monitor Prometheus]

It said it based the answer on the page you found, but I don't know enough to say for certain. Does this make sense to you?

@marcel-beutner If you have found a bug, you may want to report it using the FusionAuth Issues.

I just did a search on 1.61.0 in the Admin UI and my results were sortable by the name. Can you give us the exact query you used to use the search API and the search you used in the search bar? I am curious to see if that returns something different.

@rachel-flatt There are a couple of settings you can take a look at. If you go to Applications -> FusionAuth and look at the OAuth tab, you should see the Session timeout. Is this what you are looking for? The other is the Applications -> FusionAuth -> Edit -> JWT -> Refresh Token Settings -> Refresh Token duration. This is set to 60 minutes, for a 3600 second duration.

I found this post that may help as well.

@vijaysingh1784 Looks like you have done a bit of research your self and made a pretty good analysis. I am not very familiar with MojoAuth, but just to confirm a few things:

• FusionAuth is very customizable. You should check out things like Lambdas, Webhooks and other various options.

• FusionAuth can be self-hosted or can be hosted for you.

• FusionAuth handles SAML, SCIM and other various integrations.

• FusionAuth is very scalable and gives you great control with api acess and other mechanisms.

• Depending on your needs, FusionAuth can be as easy to self host as spinning up a docker image to a full blown complex K8s deployment. It should fit your needs there.

• While there is no direct migration guide for the product you are talking about, there are several other migration guides for you to look over that should give you an idea on how to do it.

@biwi It sounds like the keys may have gotten switched or something odd. Is it possible to wipe everything out at try again from scratch? Also, check out this blog post as it may be useful for you as well.