RE: Set up SSL for Netty

We will be moving off Netty to a new HTTP server in the coming weeks. This new server will have the ability to add TLS keys and we are expecting that to be available via the FusionAuth configuration file. In the meantime, the best solution is to use Nginx or Apache in front of FusionAuth to provide TLS.

@tarun-verghis Ensure your database is listening on a valid IP and that you have the ability to connect to it using username/password. This is usually configured in the pg_hba.conf file and requires a line like:

host    all             all             127.0.0.1/32            md5

If you only have lines that say trust then FusionAuth won't be able to connect since it doesn't support local sockets or local connections.

In my opinion, JWTs aren't insecure by default. Rather, they have the ability to be insecure via the none algorithm, while in practice, no one ever uses the none algorithm and FusionAuth doesn't even support it. In most cases, JWTs are only signed and there is an entirely separate specification for encryption, which is quite complex.

Paseto on the other hand is always secure via signing or encryption. Having signing and encryption baked into a simpler specification is a plus. That doesn't necessarily mean that JWTs are bad though. And certainly FusionAuth's support for JWTs is always secure via signing.

Hi @mehr-prs. We have an open issue that is tracking this:

https://github.com/FusionAuth/fusionauth-issues/issues/1

This feature is to support multiple identities, but it also covers adding new identity types. As part of this feature, we likely will implement support for phone number identities including full validation and verification for them.

Please upvote that issue if you feel it covers your requirements. This helps us prioritize features on our roadmap for the rest of 2020.