FusionAuth
    • Home
    • Categories
    • Recent
    • Popular
    • Pricing
    • Contact us
    • Docs
    • Login
    1. Home
    2. nick
    3. Topics
    N
    • Profile
    • Following 0
    • Followers 0
    • Topics 2
    • Posts 3
    • Best 1
    • Controversial 0
    • Groups 0

    Topics created by nick

    • N

      Users cannot accept invitation, redirect_uri missing

      Q&A
      • • • nick
      3
      1
      Votes
      3
      Posts
      865
      Views

      N

      I have encountered this error and managed to work out the following steps to get things working

      FWIW I think this issue is the same as https://fusionauth.io/community/forum/topic/1098/registration-question-sendsetpassword-flow/7

      I get the above error using the default Setup Password template which contains link with template http://localhost:9011/password/change/${changePasswordId}?client_id=${(application.oauthConfiguration.clientId)!''}&tenantId=${user.tenantId}

      If I add redirect_uri=http://localhost:3000 then I end up being redirected to http://localhost:3000?error=invalid_request&error_reason=missing_response_type&error_description=The+request+is+missing+a+required+parameter:+response_type without ever setting a password.

      Once I add response_type=code I now get to be able to set the password.

      It looks like the /password/change endpoint actually jumps into the OIDC/OAuth flow after the password is set and my redirect URL gets a code (which I assume can be exchanged for a token), however as I am using ASP.NET 5 & the OpenIdConnect extensions the state parameter contains encrypted data that must be supplied so I have found it best to ignore the code and simply trigger the OIDC challenge which causes a redirect back to FusionAuth (with required state) which immediately redirects back to my API (as there is an open SSO session) and my login is complete.

      It would be good if there was some documentation about the /password/change endpoint.

      (I would also be open to suggestions about how I can cleanup the redirect magic I need to do to get this all working with ASP.NET but I realise that is probably out of scope of this question!)

    • N

      Customers accounts vs internal company accounts for a SaaS app

      Q&A
      • • • nick
      5
      0
      Votes
      5
      Posts
      554
      Views

      M

      @nick said in Customers accounts vs internal company accounts for a SaaS app:

      Hello,

      I'm trying to understand how FusionAuth would work best for a SaaS app with two kinds of accounts: customers and internal admins.

      The internal company logins are e.g. sales people, developers, customer services, etc. They need to be able to access an internal admin portal, and in addition, a sandbox customer account for testing.

      It seems like it could be convenient to let internal admins share one user account and an app-switcher to toggle between their admin-view and their customer-view.

      Is it a best practice? Is it unsafe in any way?

      Thanks,

      You should look into FusionAuth.io to see if it fits your needs. It has a more adaptable model than the big SaaS solutions and could meet your needs both now and in the future.