@utahtwo I tried that and was unable to make it work a few months back. @joshua filed an issue here: https://github.com/FusionAuth/fusionauth-issues/issues/1532

The simplest solution if you are self hosting is to run a different instance of FusionAuth on a different port against a different database. I've done that successfully.

@joshua

I have inserted the code and id_token in the API call as you mentioned and
My logs had been cut off, The following are the complete logs,

Apple IdP Response Debug Log [13d2a5db-7ef9-4d62-b909-0df58612e775] 7/7/2022 12:18:37 PM GMT Validate the provided [id_token] value [eyJraWQiOiJmaDZCczhDIiwiYWxnIjoiUlMyNTYifQ.eyJpc3MiOiJodHRwczovL2FwcGxlaWQuYXBwbGUuY29tIiwiYXVkIjoiY29tLnJldm9sdXRpb25jYXJzLmRlbW8iLCJleHAiOjE2NTcyODI1NzcsImlhdCI6MTY1NzE5NjE3Nywic3ViIjoiMDAwNzA1LjQ5YTA5ZjYyNTMyNjRhMDNhYTQ5N2ExYTlhYzI3MDY5LjE0MTciLCJhdF9oYXNoIjoiWTRsTVlESkRITHdteldpc3FzbTY2ZyIsImVtYWlsIjoiZ2FuZXNobW9vcnRoeTU5OTlAZ21haWwuY29tIiwiZW1haWxfdmVyaWZpZWQiOiJ0cnVlIiwiYXV0aF90aW1lIjoxNjU3MTk2MTU5LCJub25jZV9zdXBwb3J0ZWQiOnRydWV9.aK7dDZdZSue6gCpmba0YL8PVX2qkbru-4DE0NNNBKBKnqN2uFmwgbcjYRqb-jj4UIKCibDcUSsd4mbD9wRHK4o8rH8M_ZCBdgJ8cIr1sx8JTQ7M1BOSyap7GsxWzPdR_stCJn7xWBeUulRtpWdemj-H3_6DwMQak0E4IG2ZxAdTwmTz464FGynmbmXQaKBqqLJP5WXFagLHZNFZeCd9Tr458B3__KGcPni912IwHLl1Yhhn-oqLm7RU5Ck5iTPZfvW2oZwljtdilCONVzXHsyHnL0hPZcvzrlxWXxXhljpg_VeuS-M53amL2JgAQRjloFARBqfRWW3zt5qdRYVYl1w] 7/7/2022 12:18:37 PM GMT Decode the [id_token]. 7/7/2022 12:18:37 PM GMT Assert the [iss] claim is equal to [https://appleid.apple.com]. 7/7/2022 12:18:37 PM GMT Assert the [aud] claim is equal to [com.revolutioncars.demo]. 7/7/2022 12:18:37 PM GMT Calculate the [c_hash] to ensure the integrity of the provided [code] value []. 7/7/2022 12:18:37 PM GMT The [id_token] integrity check failed. Expected a [c_hash] of [null] and found [47DEQpj8HBSa-_TImW-5JA].

We managed to figure it out. It was a build error where IntelliJ was not updating the dependency. Thanks for the help.

@t-vanherwijnen said in Choose/pick application flow:

Can you explain how?

Ah, there's no way to stop them being set on the FusionAuth side, sorry for the confusion. But your application, which gets the access token in a request from your client, can certainly choose to ignore any cookies it receives.

That's what I meant.

If you'd like to be able to configure FusionAuth to not send the cookies, that'd definitely be a feature request. Please feel free to file one: https://github.com/fusionauth/fusionauth-issues/issues

I'm also facing the same issue. When someone send me email. I am totally unable to get it in my inbox or spam folder. What is the appropriate solution to come out from it.

@ezeilo-su This looks like it got cut off. Can you re-post?

@quanluong1102nd this thread might be helpful: https://fusionauth.io/community/forum/topic/2054/fusionauth-websockets

Bug filed here: https://github.com/FusionAuth/fusionauth-issues/issues/1740

@jason Looks like a bug to me. Either a code bug (where we should update it) or a doc bug (where we should note that the lastUpdateInstant isn't changed).

Can you please file an issue about this: https://github.com/fusionauth/fusionauth-issues/issues and we'll slot that into our work queue.

For a workaround, the only thing I can think of is to listen for the user.deactivate event: https://fusionauth.io/docs/v1/tech/events-webhooks/events/user-deactivate

You could create a custom user.data.deactivateTimestamp and set that when the webhook fires.

@audrew31

A JWT is stateless, so there's no 'online status'.

FusionAuth does tell you if a user has a valid refresh token, and that's the closest thing it offers.

Here's some more information about tokens that might be helpful to you: https://fusionauth.io/learn/expert-advice/tokens/

@nicholas-tsaoucis

You could either store off the user object on first login (into a session or something similar) or call 'retrieve user' using the user API and presenting a JWT.

https://fusionauth.io/docs/v1/tech/apis/users#retrieve-a-user

I don't think you're doing anything wrong by doing so.

@raomuneeb-khalil Thank you!

Created a Github issue here https://github.com/FusionAuth/fusionauth-issues/issues/1731

@dan thanks a lot, it works.

@bvb1992bvb The community edition supports TOTP for MFA, but you have to build your own 'auth setup' page using the APIs and QR code generation libraries.

The account self service pages are part of the paid edition feature set. Those appear to be what you are viewing, but if that's not the case, please let us know.

You can get a free trial of the starter plan for a month from the pricing page: https://fusionauth.io/pricing if that is of interest.

@dan Issue created here:
https://github.com/FusionAuth/fusionauth-issues/issues/1717

@dan I did not have FUSIONAUTH_APP_MEMORY set so it was just at the default value.
I upped the value to 1gb when the container had 1gb and it no longer crashed with out of memory errors however the container would still die then restart. Not seeing any logs for it.
I tried making the value smaller than 1gb but it behaved the same. I then upped the container to 2 gb of memory and set FUSIONAUTH_APP_MEMORY to 1gb. Now it seems to be working ok and not crashing. Is there some further performance tuning that I can do on it?

@dan Thanks for the reply Dan, I'll go ahead and discuss this with my team before we go any further.

Just to double check, could the FusionAuth team revise this document's flow chart of the logout request if it's no longer correct? https://fusionauth.io/docs/v1/tech/guides/single-sign-on, or perhaps specify that the Logout request is specific to the FusionAuth app, not Pied Piper? Thanks.

e27f08e0-7665-46f9-a89f-f26637003a18-image.png