RE: How to restart FusionAuth

Solved. The error code coming back is [duplicate]user.email. I just need to ignore that!

Thx Dan, I read it. It might be more trouble than it is worth. I am thinking a link from landing page to the initiation of the passwordless might do the trick, although i do need the users to register (both for fa and for me).

      <a href="http://localhost:9011/oauth2/register?client_id=f603697d-41ea-4c53-xxxx-e935d5e34221&response_type=code&redirect_uri=http%3A%2F%2Flocalhost%2Findex.php%2FConfigure%2Fcampaign_management_with_actions">Register</a>

I am running FA on my docker based PC. I'd like to backup the FA database to BackInTime just in case. What directory do I backup?

Thanks Dan. As soon as my consultant get the API for php installed I will get right on it.

Perfect. thx

Never mind. I solved this. I thought that "change password" was going to be a prompt for the user, not for me to set up the password. Once I did, it worked.

Are you asking for some free consulting ?

No, I can play this "trial and error" game for months :). Seriously though, I am a little concerned that I couldn't enter the URL for quite a few days and then it started working. I just want to be sure that the authorized request origin URL is actually being used. Is there some easy way to test that without using the API?
Did I mention that I appreciate your help and the T-shirt too?

Solved (I think). This line above needed to be changed
from
$client = new FusionAuth\FusionAuthClient($apiKey, "http://localhost:9011");
to
$client = new FusionAuth\FusionAuthClient( $apiKey, "http://fusionauth:9011");

Now I get the error code lijke in your example that will allow me to fix this thing. In your example above you use localhost too. So how does yours work when mine does not? I am using Docker btw. If using fusionauth:9011 will cause me other headaches, please let me know before I break out the champagne!

Also, we discussed putting my client secret in the Oauth login URL. I was concerned about security when doing that. Can you please recommend an easy, more secure place to keep those fields?

solved. I needed to type DELETE.

I am using the php client. In the documentation (https://github.com/FusionAuth/fusionauth-php-client/blob/master/src/FusionAuth/FusionAuthClient.php) there are 5 function calls that start with the word "send". Here they are:
public function sendFamilyRequestEmail($request)
public function sendEmail($emailTemplateId, $request)
public function sendPasswordlessCode($request) <<<this one works!!
public function sendTwoFactorCode($request)
public function sendTwoFactorCodeForLogin($twoFactorId)

I got it working! As you can see the php client doesn't line up EXACTLY with the passwordless guide.

Thanks. I set up two databases now instead of just one and having both production and staging share it. But I find when I go into the FA control panel on staging and change things such as paths it changes the paths for both the staging and the production servers.

Where do I specify (for each server) what database should be used?

I have set up a staging server called stage.researchstudyonline.com. It is running parallel to my real server researchstudyonone.com. So they are two different domains and thus use two different fusionAuth servers. They both use the same mysql RDS database.

I can log into the original one fine. But my userid/password doesn't work on http://stage.researchstudyonline.com:9011. How can fix this? Must I create a separate database for the staging server?

Hey Dan. It has been a long time! I just can't get past the passwordless problem I have with fusionAuth. Your help has been stellar but I really need to hire someone to get me over the "hump". Seems like there are not too many people out there that have a working knowledge of FA. I have tried to find one! Can't hire help and can't get community help leaves me with no options.

I took a look at https://fusionauth.io/learn/expert-advice/authentication/webapp/oauth-authorization-code-grant-sessions/ and will try to switch over to using this method since it seems well documented. I will probably need to find someone to update the themes if I get it going. Good luck on that!

I really like the diagram which shows the message flows in it. Is there a document, just like oauth-authorization-code-grant-sessions but for passwordless? That diagram, but for passwordless, would definately help.

Thanks. I read the Modern Guide to Oauth yesterday. In it I see that this code is being used to condition the URL prior to sending.

function base64URLEncode(str) {
  return str.toString('base64')
    .replace(/\+/g, '-')
    .replace(/\//g, '_')
    .replace(/=/g, '');
}

I don't know what language this is in. Where can I find a php version?

I also saw a document up here on porting from fusionAuth to auth0. I am considering going the other way. Do you guys have a document describing how to do that?

Joshua, I have been trying for over a year to get an answer to why my passwordless login is failing. I do have it working in another part of my application so I know it works.

I also know that fusionAuth is interested in signing up paid users and i am aware of my Linkedin (which i don't really use for security reasons) being perused by some of your marketing people. I just don't know how you get signups without customer success?

I am ready to launch and need to get the passwordless working. Is there a consulting arraignment I could set up to fix this one little issue? You must know an ex-FA employee who would like to make a few extra $?

And here is the code that causes that:

        $request["applicationId"] = $_SESSION['applicationID_login'];

        $request["loginId"] = $email;
        $request["state"]["redirect_uri"] = "http://researchstudyonline.com:81/index.php/Configure/report_generator_amazing";
        // $request["state"]["client_id"] = $_SESSION['applicationID_admin_register_login'];
        $request["state"]["client_id"] = $_SESSION['applicationID_login'];
        $request["state"]["response_type"] = "code";
        $request["state"]["scope"] = "openid";
        $request["state"]["state"] = "$email";
        $requestJ = json_encode($request);   //convert the array into json
        $result = $_SESSION['client']->withTenantId($_SESSION['tenantID_login'])->startPasswordlesslogin($requestJ);
        if (!$result->wasSuccessful()) {
            log_message('error', $result);
        }

        $code = $result->successResponse->code;
        //send the email
        $request = array();
        $request["code"] = $code;
        $request["X-FusionAuth-TenantId"]=$_SESSION['tenantID_login'];
        $request["user"]["data"]["admin_email"] = $email;
        $requestJ = json_encode($request);   //convert the array into json
        $result = $_SESSION['client']->sendPasswordlessCode($requestJ);
        if (!$result->wasSuccessful()) {
            log_message('error', $result);
        }

Are there any error messages in a log?

It has been a year since I first complained about getting this error. I am wondering if there have been any revelations since that time? I have switched over from using my laptop with ngrok to using EC2. I am getting the same exact error (from the same code). Just as a reminder, I am sending the passwordless email to a user. When they click on it they get this popup from fusionAuth.

{
"error" : "invalid_request",
"error_description" : "Invalid redirect uri https://researchstudyonline.com:81/index.php/Configure/report_generator_amazing",
"error_reason" : "invalid_redirect_uri"
}

Is there anyway to see what is causing this error?

@maciej-wisniowski
Thanks. Yes, I am using docker compose. And all the parts are running in a single container. The idea is to make each container (thus each server) a "system unto itself", with its own landing page, application and FA.

Now on FA, I guess I really only need one on the main server. When users try to login to a specific server, they will go to my app running on that server. I will try to authenticate them on the FA on the main server. The way I see it, which server (and thus which FA) they use doesn't matter since they are all connected to the same mysql RDS.

Once authenticated (by the main server's FA) they will remain on their server. The problem I see is that I need to send FA the IP address of the server they will be logging into. But I don't know that IP address, since the AWS load balancer made that decision without me being involved. Any idea how to tell FA what IP to use when I don't know it? On my development machine I just use ngrok which points at localhost.

It has been a while. I have my app finished except for the FA part. The way that this is architected is that in my docker container I run Apache with my app, FA, Wordpress. I need to get this container running on my Ec2 instance. Do I need to install FA onto the server by itself? Or is the fact that it is running in my container mean that once the container is uploaded to the server, FA will be up there too?

Are there any directions for installing FA to a server?