@hershellasagna Other than server error, I got it resolved. I'm now able to login without issues. In the end it was my on-line server set-up. I thought my SSL certificate was set-up but it wasn't. Once it was, it starting working. Thanks again for replying, it definitely got me going in the right direction!!

That was the same things happens with me.

@craig-hind I would appreciate it if you could share with us your QRCoder code snippet that solves the problem. You could email it to me ying.morris@gmail.com
Thanking you in advance.

@dan This was delivered in 1.43. More details in the release notes: https://fusionauth.io/docs/v1/tech/release-notes#version-1-43-0

@chadterry Looks like issue 971 was completed.

Were you unable to use the latest version (1.43.0) when installing on windows to the typical windows program directories?

Hi Dan,

We already have an issue: https://github.com/FusionAuth/fusionauth-issues/issues/1955

But please allow me to reiterate once more, as I get the feeling the issue is now downplayed a bit to being a developer experience-issue.

We want a centralized / hosted authentication-solution, that we don't have to maintain ourselves. So… We have a hosted FA-instance and try to use the hosted login and registration views. There is an external API, though, that we Ping using a webhook for authorization purposes. This checks if application-access for a given user is still up to date with our own administration. If not the webhook returns a non-200 response and we update FA using an API-call accordingly. The webhook works very nice, and will be even better as soon as we get to customize its error message, which, I believe is already on your development-calendar (https://github.com/FusionAuth/fusionauth-issues/issues/1725) When the webhook fails we get a nice error message in the hosted interface that we can customize even. All is well. There's one exception to this, that is when the webhook fails after entering the MFA-challenge. Then we, all of a sudden don't get the webhook-error message, that we have customized, but an error message the MFA-challenge is incorrect. Which it is not. And which confuses our users, as they try another OTP-token, or even worse: another SMS, but it keeps failing. The token is not wrong. The webhook is failing. Everywhere the interface reports this correctly, except for this one, crucial, place: the entering of the MFA-challenge.

I see no way to customize this behavior, as a developer. This is not a developer experience issue, I feel, this is a bug.

@hofmanndavid Have you tried adding the HTTP header (X-Forwarded-Port: 443)?

@joshua Thank you ✌

@nick-1

You will want to ensure that you have activated your license to enable the use of the HTTP Connect functionality in lambdas. We have more in our documentation below.

https://fusionauth.io/docs/v1/tech/admin-guide/licensing#adding-your-license-to-your-instance

Please let us know if you require additional assistance.

Thanks,
Josh
FusionAuth

@glen ,

Thanks for your question and I really appreciate the other feedback you've given us (on GitHub and here).

While I'm not going to go into the details of the cloud upgrade process, we don't just swap out the installation; there's some other things that happen to ensure upgrades are robust.

We've outlined the downtime expectations here so that it's transparent for everyone and they can choose options that work for them.

I'd also point out that you control the upgrade timing and if you upgrade every single major release (we average about 10/year) that is approximately 50 minutes of downtime, which is 99.99% uptime (that's a ball park, of course, assuming no other downtime and no major database changes that make the upgrade longer).

Finally, I'll pass on your feedback to the engineering team.

@nick-1 Thanks for sharing your step by step process. I know that AWS throttles port 25 on all EC2 instances, but am not sure about Fargate/ECS: https://aws.amazon.com/premiumsupport/knowledge-center/ec2-port-25-throttle/

Perhaps that was the issue?

@nick-1 said in ERROR: Role "fusionauth" is a member of "fusionauth":

Not sure if you have a recommendation on how to manage clustered fusion auth app upgrades requiring db migrations in a CI/CD pipeline?

Here's our general upgrade guidance:

https://fusionauth.io/docs/v1/tech/admin-guide/upgrade#downtime

Our migration scripts are consistently named, so you should be able to pull down the zip file, see if any new migrations are present, then apply them in order.

@nicholas-tsaoucis Glad you figured it out, thanks for closing the loop!

@joshua

FA version 1.31.0
typescript-client-1.32.1

@muravyov-alexey

Glad you figured this out. This might be in the domain of Twitch as they are the ones returning that error code to FusionAuth.

On paid editions, we do have a guide that you can follow for the Twitch provider (sounds as though you may be aware)

https://fusionauth.io/docs/v1/tech/identity-providers/twitch/#undefined

Thanks,
Josh

@boniface

Finally got it to work. Thanks, @joshua & @fred-fred . Turns out the credentials to SendGrid were wrong. I reckon the error message sent me off the scent. I thought it was to do with the system rather than the response from the external system because changing SMTPs was giving me same error message.

It is working now and thanks for the help

Interestingly, we are also looking at using this self service module as an "embedded" page in our application. If the user doesn't select "remember me", how would one pass the authentication information from the logged in application to this module?

Is embedding / using this page inside another page (without requiring a second login) a use case for it?

@muravyov-alexey Thank you!

@nikhil-shrivastav

Thanks for the question. I have addressed in our support other related support thread.

Thanks
Josh

@muravyov-alexey

Not sure what it is need for, but if it is correct then better put some hint about this in GUI near the option.

Good suggestion! I have logged an issue for consideration.

https://github.com/FusionAuth/fusionauth-issues/issues/1542

Hmm. In my view, this makes sense. Here are two cases to consider

jwt.refresh-token.revoke - maybe there are some application-level events that need to take place based on this event. In the right context, this might be functionally equivalent to "logging someone out." If someone was logged out (forcibly) from your application, then you might want to take action based on that (remove them from a list, or make another programmatic check, etc).

user.action - maybe this user was actioned for any number of application-specific reasons that you might want to respond to.

Everything else is scoped to a tenant, from my understanding.

I hope this helps. Thanks for the feedback.

Thanks,
Josh