RE: Create user with FusionAuth Admin Interface from Kickstartfile

@quent That would be great. Can you give me and example how can I achieve this?

Hello!

Is there any document or repository where I can find any single property and possible values for it that can be configured via kickstart?

For example, I would like to configure JWT for an application.

I know some basics so I configured it like this:

"jwtConfiguration": {
     "enabled": true,
     "timeToLiveInSeconds": 604800,
     "refreshTokenTimeToLiveInMinutes": 43200,
     "refreshTokenExpirationPolicy": "Fixed",
     "refreshTokenUsagePolicy": "Reusable"
},

Now I am seeking other properties, like Id Token signing key and possible values that can be selected in the admin panel from a dropdown.

How should I set the Id Token signing key property to OpenID HSA-256 for example?

or the Access Token signing key configuration option or in the OAuth configuration how can I configure PKCE?

I couldn't find any document or repo that covers at least the logic behind the kickstart configuration property names and their values.

I know there are so many examples for apps and for simple kickstart files but these are not covering all configuration options.

Thanks for your help in advance!

Patrick

@dan

Yes, this answers my question, thank you!

@dan

Yes, this answers my question, thank you!

@dan

Yes, it was helpful, thank you very much!

The only thing I didn't see but I figured out is setting the Id Token signing key to OpenID Connect compliant HMAC using SHA-256.

What I did is set manually that property and took a look at the logs. There I found the new value of it and added that to kickstart.json.

I am curious if this is working because I set the algorithm and the accessTokenKeyId as follows:

            "algorithm": "HS256",
            "accessTokenKeyId": "#{FUSIONAUTH_DEFAULT_SIGNING_KEY_ID}",

and I added let's say a random uuid for the idTokenKeyId, or it is working because I added the hard coded idTokenKeyId which gives me the OpenID Connect compliant HMAC using SHA-256 name and value.

Hello!

Is there any document or repository where I can find any single property and possible values for it that can be configured via kickstart?

For example, I would like to configure JWT for an application.

I know some basics so I configured it like this:

"jwtConfiguration": {
     "enabled": true,
     "timeToLiveInSeconds": 604800,
     "refreshTokenTimeToLiveInMinutes": 43200,
     "refreshTokenExpirationPolicy": "Fixed",
     "refreshTokenUsagePolicy": "Reusable"
},

Now I am seeking other properties, like Id Token signing key and possible values that can be selected in the admin panel from a dropdown.

How should I set the Id Token signing key property to OpenID HSA-256 for example?

or the Access Token signing key configuration option or in the OAuth configuration how can I configure PKCE?

I couldn't find any document or repo that covers at least the logic behind the kickstart configuration property names and their values.

I know there are so many examples for apps and for simple kickstart files but these are not covering all configuration options.

Thanks for your help in advance!

Patrick

@quent @dan Thank you for your help! I get it working.

My mistakes were the following:

1. I tried to specify the Fusionauth app id.
2. I tried to create the FusionAuth app which gave me an error that it already exists.
3. I used the default (provided) FusionAuth app id wrongly.
4. I tried to register the user twice.

Here is my solution without any other registration:

If you would like to give access to an already registered user u should provide access to that user with the same URL but with the following body:

      "body": {
        "skipRegistrationVerification": true,
        "registration": {
          "applicationId": "#{FUSIONAUTH_APPLICATION_ID}",
          "roles": ["admin"]
        }
      }

If you would like to give access to a new user, then u should do it under a different URL and you have to specify the user email and password inside the body like this:

      "body": {
        "user": {
          "email": "#{adminEmail}",
          "password": "#{password}"
        },
        "registration": {
          "applicationId": "#{FUSIONAUTH_APPLICATION_ID}",
          "roles": ["admin"]
        }
      }

@quent That would be great. Can you give me and example how can I achieve this?

@dan Hello!

If I try to add an application registration as shown in the example in FusionAuth's Github repo, it gives me this error:

2022-12-13 02:42:06.813 PM ERROR io.fusionauth.api.service.system.kickstart.KickstartRunner - Failed to execute request to [POST][/api/application/00000000-0000-0000-0000-000000000001] Status [400]

Request body:

{

  "application" : {

    "name" : "FusionAuth",

    "roles" : [ "user", "admin" ]

  }

}

2022-12-13 02:42:06.813 PM ERROR io.fusionauth.api.service.system.kickstart.KickstartRunner - Error response:

{

  "fieldErrors" : {

    "application.name" : [ {

      "code" : "[duplicate]application.name",

      "message" : "An Application with name [FusionAuth] already exists."

    } ]

  },

  "generalErrors" : [ ]

}

If the kickstart creates FusionAuth for himself, how could I get its id to register users to it with an admin role?

The supportId doesn't create any error.

My kickstart file is a valid JSON file.

I am trying to use image: fusionauth/fusionauth-app:1.38.0 image of FusionAuth.

@quent I thought about that, but how should I get the id of FusionAuth that was just created by kickstart?

Hello @dan !

I tried what you show us, like this:

{
      "method": "POST",
      "url": "/api/user/registration/00000000-0000-0000-0000-000000000001",
      "body": {
        "user": {
          "firstName": "Adam",
          "lastName": "Smith",
          "email": "#{adminEmail}",
          "password": "#{password}"
        },
        "registration": {
          "applicationId": "#{ENV.FUSIONAUTH_CLIENT_ID}",
          "roles": ["admin"]
        }
      }
    },

but after this, my local FusionAuth admin panel redirects me to the setup wizard form which I can't complete because it's giving me a 500 Server error.

This tells me something is wrong with my newly added block because before I added it my FusionAuth worked fine.

I also tried to add an application registration with the same id and with the name FusionAuth, like this:

    {
      "method": "POST",
      "url": "/api/application/#{ENV.FUSIONAUTH_CLIENT_ID}",
      "body": {
        "application": {
          "name": "FusionAuth",
          "roles": ["user", "admin"]
        }
      }
    },

but this didn't solve my issue.

Thanks for your help in advance!

Best Regards,
Patrik