@mou, Is this what you are looking for? https://fusionauth.io/docs/lifecycle/authenticate-users/application-authentication-tokens
mark.robustelli
@mark.robustelli
Best posts made by mark.robustelli
-
RE: Salesforce error: Id_Token_Error: Missing or invalid iss
Hello @yuval,
I'm not very familiar with Salesforce but when taking a look at the guide there is a step that says "Scroll down to the Salesforce Configuration section and open the address from Test-Only Initialization URL in an incognito window.". What do you see when you try that?
If you are not getting that information, can you please describe in a little more detail what steps you have taken and when you receive the above message about the invalid iss?
-
Security Token Signature Key Not Found Exception: IDX10501: Signature validation failed. Unable to match key
I am running through the Integrate Your .NET 7 Application With FusionAuth quickstart guide and encountered the error listed below.
I think it has to do with the following message in the guide:
"The script set up a RS256 asymmetric signing key. FusionAuth supports this signing algorithm, but doesn't ship with a default key."
How do I add the required key to FusionAuth?
Error Message:
An unhandled exception occurred while processing the request.
SecurityTokenSignatureKeyNotFoundException: IDX10501: Signature validation failed. Unable to match key:
kid: '236bb45e-e88c-4f07-87ff-c93d6fb752a2'.
Number of keys in TokenValidationParameters: '0'.
Number of keys in Configuration: '0'.
Exceptions caught:
''.
token: '{"alg":"HS256","typ":"JWT","gty":["authorization_code"],"kid":"236cc45e-e88c-4f07-87ff-c93d6fb752a2"}.{"aud":"236bb45e-e88c-4f07-87ff-c93d6fb752a2","exp":1687312521,"iat":1687308921,"iss":"acme.com","sub":"e5e4a956-0f9d-4bec-9121-dededb20e00f","jti":"ca5d3d30-ef26-4e48-afcb-d5ba670ac2d4","authenticationType":"PING","email":"myemail@email.com","email_verified":true,"at_hash":"ANWNkB4EA34d0cr1A50zQg","c_hash":"eCEeL-bgcDFkzcpmNT5k9g","scope":"openid profile","nonce":"634229057201762476.ZDQ1NzEzZWMtM2M4OS00ODgxLWI3ZmEtNjJhZWY0MzhlOWYzN2I4ODdhNmQtYTI2OS00OTc0LThhOWEtYzc2OGEzYmIzN2M3","sid":"4fe9dcc0-1ce9-4819-a97a-47c38cb730b8","auth_time":1687308921,"tid":"a51e69f7-520b-6860-2d33-d1e12f797af9"}'.
-
RE: 3rd Party Authentication
@it-contracts Hello. I am pretty new to FusionAuth, but my understanding is that you are taking the correct steps. I am not aware of a way to do this within a single call.
Are you simply looking to be more efficient with the calls or is there some reason this workflow will not work for you?
-
Using Analytics to Track Registrations
What is the best way for analytics tracking after a user has successfully registered?
-
RE: 3rd Party Authentication
@it-contracts I apologize for misunderstanding your initial question. You and @kash are correct in that by using FusionAuth, it will appear to be one call from your perspective. However, in the background, FusionAuth will still need to make the same amount of calls to the access token. And another nice thing about using FusionAuth is that you will be able to add other identity providers in the same way.
-
Multi-Region Cloud Setup
Does FusionAuth support multi-region active-active set-up for cloud services?
-
RE: 3rd Party Authentication
@it-contracts Can you please share the OAuth settings you have for your application? In the FusionAuth Admin UI select Applications. Select Edit or view for your application. Share the OAuth and JWT settings. Be sure to remove any sensitive information before posting here.
-
RE: Add User to group not working
@sandesh Thanks for sharing here on the forum. Hope you are able to accomplish your end goal with the APIs.
-
RE: 3rd Party Authentication
@it-contracts, which license did you purchase? If you selected the Essentials Plan you should have access to the Account Portal and may receive support directly through email if this is time sensitive.
Latest posts made by mark.robustelli
-
RE: Random Unavailability of Dedicated FusionAuth Instance from GKE (Impacts Site Availability)
@jacob-0 Sorry to hear you are having issues. Thank you for the detailed post explaining it. Unfortunately, random unavailability can be very difficult to troubleshoot.
Based on your explanation, it seems as though the instance is available from outside the GKE cluster. Could this be an issue with one of the pods going down and being restarted and the internal networking not recognizing the change? I don't quite see how it would still work from the outside, but is there any evidence of pods restarting around the down time?
-
RE: Performance issues when retrieving applications
@yuriy-barvenko Performance tweaking can be tricky. It really depends on what your goals are. If you create indexes to improve searching things, it could slow other things down like the login. It may also depend on which database you are using. What DB are you using? What is the purpose of the information you are trying to get? Does it have to be real time? Are there alternatives like data dumps that you could use? Also, you say "the response times are significantly higher than expected." What is this based on? How many users and roles do you have in the system and what is the expected response time? What is the requirement for response time vs what is expected?
-
RE: Access redirect_uri from accountTwoFactorIndex
@bill-yudichak Can you please get us a little more detail. A screenshot may help. I do not see a "Go Back" link when I enable multi-factor for my app. Also, what is the accountTwoFactorIndex template you are referring to?
-
RE: Connector not persisting claim
@helzgate I was focusing on your issue with the lambda not firing. You are correct in that you do not have access to the url in the lambda.
Let's take a step back here and take a look at the connector. Can you tell me how that is set up and what values are being returned from it? I'm thinking you may be able to add the return_url in the values returned from that.
-
RE: Connector not persisting claim
@helzgate Just to verify, is this a JWT Reconcile lambda (you may need to try External JWT Reconcile as well depending on what you are doing)? And you have it assigned to your application?
Beyond that, I think I need a little more detail on exactly how you have things set up. What are you trying to migrate from? That sort of thing.
-
RE: Back to maintenance mode
@marshsouvlakia What version of MySQL are you running? Were there any updates recently? Anything that may have changed from when it was not working to now? Have you tried a restart?
-
RE: OpenID Connect doesn't fallback to non-PKCE if provider doesn't support it
@yves So I found this that may be of interest to you.
For the Authorization Code Grant, if the clientAuthenticationPolicy value is Required, the client secret is required. If the value is NotRequired, the client secret is not required. If the value is NotRequiredWhenUsingPKCE and PKCE is used, the client secret is not required. If PKCE is not used, the client secret is required.
What is your setting there?
-
RE: Connector not persisting claim
@helzgate What kind of lambda are you using? You should enable debugging for the lambda and then you can be sure to see if it is running or not.
-
RE: Mule 4 - Workday connector
@infobrother4 So which way are you trying to move information? Into FusionAuth from Workday or into Workday from FusionAuth? What connector are you trying to use?
-
RE: OpenID Connect doesn't fallback to non-PKCE if provider doesn't support it
@yves Would it be possible for you to share a simplified code sample?