FusionAuth
    • A

      Unsolved Connectivity pricing questions

      pricing entities sales client creds • • arjunyel
      2
      0
      Votes
      2
      Posts
      1.7k
      Views

      danD

      @arjunyel

      Connectors are documented here: https://fusionauth.io/docs/v1/tech/connectors/

      Machine to machine auth is the client credentials grant: https://fusionauth.io/docs/v1/tech/oauth/#example-client-credentials-grant

      Does 100 Machine To Machine Auth mean you can have 100 API entities?

      Yes, that is correct.

    • S

      Solved Cluster install

      cluster install postgresql • • sandrinho
      6
      0
      Votes
      6
      Posts
      3.6k
      Views

      S

      @dan unfortunately not yet in production due to issues not depending on me... but the cluster seems to be working... I also succeeded in performing a software upgrade to the latest FusionAuth version.

    • A

      Unsolved This topic is deleted!

      • • aleksandr.vits-rimer
      1
      0
      Votes
      1
      Posts
      4
      Views

      No one has replied

    • Y

      LDAP connector resets User Registrations

      • • yb98
      7
      0
      Votes
      7
      Posts
      2.3k
      Views

      danD

      @jared GitHub issues are the right place for feature requests, thanks!

      There's an 'additional context' section for feature requests, and you can feel free to link back to these forum posts. That can help enrich the discussion when the eng team reviews requests to prioritize them.

      Cheers!

    • C

      Unsolved Login blocking.

      • • crystar
      3
      0
      Votes
      3
      Posts
      438
      Views

      L

      @crystar Another choice would be to utilize custom integration code in order to set a cap on the number of sessions (refresh tokens) that a single user is permitted to have scoped to them.

    • D

      Unsolved Simplify Login/Signup Flow with Google One-Tap

      • • dev 3
      3
      0
      Votes
      3
      Posts
      3.1k
      Views

      D

      How to make our login credentials more secure on my website. You can use the change wp login plugin in your WordPress website to make it more secure.

    • D

      Configuration options for MFA

      • • david.oggier
      3
      0
      Votes
      3
      Posts
      782
      Views

      danD

      There are plans for enhancing MFA in the future. You can view this github issue for details and progress: https://github.com/FusionAuth/fusionauth-issues/issues/960

      If you don't see an issue corresponding to your desired enhancement, please file one.

    • A

      Unsolved Trying to reach the password/complete page, getting redirected.

      • • agalemmo
      2
      0
      Votes
      2
      Posts
      2.3k
      Views

      danD

      @agalemmo I'm not sure I'm following. It sounds like you are saying:

        • I want folks to reach the password complete page
        • I want the client_id to be present (for styling)
        • But I don't want the redirect_uri, because that sends the user elsewhere

      Is that correct?

      Would it be helpful to you to add another redirect_uri (you can have multiple configured for an application) that took someone to a 'password change complete' page that you (not FusionAuth) hosted?

    • S

      Unsolved Error 404 when trying to login using access token

      token php login-api • • seednextsrl
      2
      0
      Votes
      2
      Posts
      2.3k
      Views

      danD

      @seednextsrl you typically don't use the access token as a login password.

      The access token is what you present to other applications as proof that someone has logged in.

      There are a few FusionAuth APIs you can call and present the access token as a means of authentication. They are marked with a little blue person.

      Here's more about API authentication: https://fusionauth.io/docs/v1/tech/apis/authentication

      Here's an example of an API which uses a JWT to authenticate: https://fusionauth.io/docs/v1/tech/apis/users#retrieve-a-user (scroll to the "Retrieve a User using a JWT" section).

    • S

      Unsolved Forgot-password

      • • sujata.kattimani
      2
      1
      Votes
      2
      Posts
      4.3k
      Views

      danD

      @sujata-kattimani

      You can change the password using the User API and updating the user's password attribute:

      https://fusionauth.io/docs/v1/tech/apis/users#update-a-user

      Does that help?

    • F

      Unsolved Wrong logout URL being returned ?

      • • francis.ducharme
      7
      0
      Votes
      7
      Posts
      4.5k
      Views

      F

      @dan said in Wrong logout URL being returned ?:

      @francis-ducharme What is your setting for logoutBehavior for each application config? All applications or redirect only?

      By default it is 'all applications' which means that FusionAuth, on logout, will call each application's logout url (to ensure that the user is logged out of all applications). It does this via an iframe, so I'd expect both to be requested. https://fusionauth.io/docs/v1/tech/guides/single-sign-on#configure-the-applications-in-fusionauth has a bit more.

      I'm not sure why you are ending up at localhost for the dev app, though.

      That was it. All my applications' logout behaviors were set to "All Applications". "Redirect" only made it so the browser doesn't get redirected to "localhost".

      Thanks!

    • danD

      Unsolved When and how should I validate a JWT issued by FusionAuth?

      jwt validation • • dan
      2
      0
      Votes
      2
      Posts
      4.0k
      Views

      danD

      Validating the token on every new connection is considered best practice as it is the most secure.

      There are two ways to validate a token. You can do it within your own application code leveraging a library that checks the signature and validates the claims (this only works when you sign your JWTs with a public key). Or you can do it by calling out to FusionAuth, and then validating the claims. For scalability/simplicity reasons, we recommend using the library unless there are reasons it won't work.

      By doing this server side using a library you no longer need to make the API call to FusionAuth to perform the validation. You would only need the public key of whichever signing key was used by FusionAuth. More on that here: https://fusionauth.io/docs/v1/tech/core-concepts/key-master#overview The public key is available via JWKS.

      When using keys we also recommend you think about key rotation, explained in more detail here: https://fusionauth.io/docs/v1/tech/tutorials/key-rotation

      If you decide on leveraging the endpoints (making a call to FusionAuth) for validation, here are a couple links that can be used depending on your scenario.

      https://fusionauth.io/docs/v1/tech/apis/jwt#validate-a-jwt (proprietary)
      https://fusionauth.io/docs/v1/tech/oauth/endpoints#userinfo (part of the OIDC standard)

      In both cases, you must validate the claims. Some are standard, as outlined here: https://fusionauth.io/learn/expert-advice/tokens/anatomy-of-jwt#claims-to-verify

      But there may be app specific custom claims your code should verify too.

    • P

      Unsolved Any way to have password 'minimum age' exemption for default FusionAuth-generated passwords?

      • • philip.smith
      2
      1
      Votes
      2
      Posts
      6.5k
      Views

      danD

      @philip-smith This looks similar to this prior discussion: https://fusionauth.io/community/forum/topic/1082/do-not-enforce-minimum-password-life-restrictions

      I don't know of any workaround, but this seems like a reasonable request.

      You can file an issue requesting this functionality: https://github.com/fusionauth/fusionauth-issues/issues and we'll put it in the backlog.

    • D

      Unsolved AD group members-only authentication?

      • • dan.anderson
      2
      1
      Votes
      2
      Posts
      364
      Views

      danD

      @dan-anderson

      I'd probably look at a transactional webhook on the login success event. That code can examine the user, call out to AD if needed, and if it returns a non-2xx status, will prevent login.

      More here: https://fusionauth.io/docs/v1/tech/events-webhooks/

    • J

      Unsolved This topic is deleted!

      • • jbtruffault
      1
      0
      Votes
      1
      Posts
      1
      Views

      No one has replied

    • M

      [ERROR] FusionAuth's login page redirecting issue on Android

      • • marco
      6
      1
      Votes
      6
      Posts
      6.2k
      Views

      F

      @mgetka thanks so much for the explanation.

      "to redirect iOS users directly to pseudo protocol. And redirect all the Android users to a custom interstitial site."
      I believe this would be the only option for the time being.

      Deep Linking doesn't work at least for my application:
      Flutter -> flutter_appauth(4.0.1) -> fusionauth

      While the same scenario could work with Auth0, following this blog.

      Comparing with the solution with FusionAuth.
      FusionAuth opens a new tab for Facebook and Google login.

      While Auth0 continues on the same page with a page redirection.

    • danD

      Unsolved limiting registration

      • • dan
      2
      0
      Votes
      2
      Posts
      433
      Views

      danD

      I'd probably use a transactional registration webhook for the first situation. This can return a non 2xx status if the domain is unacceptable and the registration won't complete.

      For the second one, you could use a populate JWT lambda to add the role to the token if the user has the correct domain. If you need it persisted you could call FusionAuth APIs within the lambda (this functionality is limited to certain paid versions) or use a registration complete webhook to augment the roles (but this won't help with the initial registration, so should be combined with the lambda if used).

      More here: https://fusionauth.io/docs/v1/tech/events-webhooks/ and https://fusionauth.io/docs/v1/tech/lambdas/

    • J

      Unsolved FusionAuth community version for a commercial system

      • • johnmiller
      3
      1
      Votes
      3
      Posts
      1.1k
      Views

      danD

      Also, we just updated the pricing page to make it clearer that the Community edition can be used with commercial applications.

    • J

      Unsolved How to achieve multiselect dropdown using 'Advanced Registration Form' custom form field

      • • jitendra.sabat
      2
      0
      Votes
      2
      Posts
      673
      Views

      danD

      @jitendra-sabat

      We don't have an out of the box form control for a multi-select, but you can create one using the theme customization. You should start with a custom form field with a check box form control type because it supports multiple values.

      As long as the serialized version of the form is valid and matches the data type you set in the field definition, it should work.

      So, start with the checkbox list, and ensure that is functional, and then you can re-write that control or style it however you want in the themed template, or via JavaScript.

    • J

      Unsolved How to add/alter attributes of a 'Advanced Registration Form' form field

      • • jitendra.sabat
      2
      0
      Votes
      2
      Posts
      581
      Views

      danD

      @jitendra-sabat

      Hiya,

      You can add keys to the messages.properties file. Here's a blog post that illustrates this: https://fusionauth.io/blog/2020/09/01/theme-registration-form

      In that post, the registration.data.minprice field is one of the custom fields.