FusionAuth
    • Home
    • Categories
    • Recent
    • Popular
    • Pricing
    • Contact us
    • Docs
    • Login
    1. Home
    2. Categories
    3. Q&A
    Log in to post
    Load new posts
    • Recently Replied
    • Recently Created
    • Most Posts
    • Most Votes
    • Most Views
    • danD

      Solved How can I implement a client credentials grant with FusionAuth?

      grant client creds • • dan
      3
      0
      Votes
      3
      Posts
      3.0k
      Views

      danD

      An update! The client credentials grant is now available in paid editions of FusionAuth.

      Here is the documentation:

      https://fusionauth.io/docs/v1/tech/oauth/#configure-entities

      https://fusionauth.io/docs/v1/tech/oauth/#example-client-credentials-grant

    • F

      This topic is deleted!

      • • fred.fred
      1
      0
      Votes
      1
      Posts
      6
      Views

      No one has replied

    • D

      Using FusionAuth In React Native

      • • developer
      2
      0
      Votes
      2
      Posts
      595
      Views

      danD

      Did you ever find a solution @developer ?

      For the first issue, did you turn off client authentication in the FusionAuth application OAuth tab?

    • danD

      Too many connections error with mysql

      mysql database connections error • • dan
      3
      0
      Votes
      3
      Posts
      8.8k
      Views

      danD

      And now it works fine with 152 threads connected, so unable to reproduce this.

      I'll keep an eye out for this behavior and file an issue if it pops up again.

      For the record:

      FusionAuth 1.27
      installed via zip file
      Mysql 8.0.23 installed/managed via homebrew on the mac.

    • D

      Entity - create/update/delete API?

      api • • dhait
      2
      0
      Votes
      2
      Posts
      2.8k
      Views

      danD

      We were working on getting it documented and it shipped yesterday. Sorry for the delay!

      https://fusionauth.io/docs/v1/tech/apis/entity-management/ outlines all the relevant APIs, including entity CRUD.

      You might also be interested in the client credentials grant, one of the main use cases:

      configuring entities for the client credentials grant: https://fusionauth.io/docs/v1/tech/oauth/#configure-entities an example client credentials grant: https://fusionauth.io/docs/v1/tech/oauth/#example-client-credentials-grant
    • M

      metaData supplied to /api/login

      • • Moonshine
      4
      0
      Votes
      4
      Posts
      2.4k
      Views

      joshuaJ

      @Moonshine,

      Glad you found it in our UI!

      Thanks,
      Josh

    • danD

      Shutting down FusionAuth cloud deployments

      cloud deployment • • dan
      2
      0
      Votes
      2
      Posts
      1.2k
      Views

      danD

      No, it is more like terminating an EC2 instance. All data is lost.

      If you have user data you'd like to retain, please request a database dump before destroying your deployment.

    • P

      This topic is deleted!

      • • payalnovelvista
      1
      0
      Votes
      1
      Posts
      6
      Views

      No one has replied

    • P

      Not able to Login with Apple ID

      • • progressman
      6
      0
      Votes
      6
      Posts
      3.8k
      Views

      T

      Posting here in addition to GitHub: The issue for me was that the signing key didn't have the right Apple-provided key identifier, which goes in the kid field of the client_secret JWT header. Recreating the private key with that identifier fixed the issue.

    • J

      Email Template URL Calculation

      email templates url • • jim.sadden
      4
      0
      Votes
      4
      Posts
      3.0k
      Views

      robotdanR

      A couple of options:

      You could optionally configure a different template for each tenant so you could hard code the correct URL in each template.

      You could also add the correct URL to the tenant.data and then pull it out in the template during render so you could use the same template across tenants.

      If the state parameter is working well for you for other APIs, you could open a feature request in GH to add this to the API in question.

    • O

      fusionauth doesn't open

      • • origho9
      2
      0
      Votes
      2
      Posts
      823
      Views

      robotdanR

      You're getting an error during Tomcat startup while trying to bind 9011. FusionAuth will bind 9011 by default, so if you have anything else listening on that port startup will fail.

      You can shut down anything else using that port, or change the default port FusionAuth is using so that you don't conflict with other valid services on the system.

      See the config reference for changing the ports. ( FUSIONAUTH_APP_HTTP_PORT )
      https://fusionauth.io/docs/v1/tech/reference/configuration/

    • joshuaJ

      What is an easy way to set up a dev env after having a running production environment?

      • • joshua
      2
      1
      Votes
      2
      Posts
      3.4k
      Views

      joshuaJ

      ❗ Move slowly - make sure to fully decouple production and dev instances. Some pointers or guideposts--

      Assuming you're running on your own infrastructure.

      Clone the production FusionAuth DB Point a new dev installation to it Caveats: If you have webhooks enabled that may start making requests out to prod infrastructure from a new “dev” instance. If you do have webhooks, you could start it up air-gapped and then disable everything that could contact an external system before you enable outbound traffic. As long as the dev instances are the same version or greater it should work. You wouldn’t be able to attach the db to an instance running an older version than the schema.
    • V

      Unable to send Magic Link (Test mail works fine)

      • • vignesh
      2
      0
      Votes
      2
      Posts
      712
      Views

      joshuaJ

      @vignesh,

      There are a lot of potential issues that could be at play. Any additional information about your configuration/error logs might be helpful. Also, have you reviewed our documentation here regarding passwordless?

      Also, as a quick take, you could install something like Mailcatcher to further check to see if the mails are even being sent.

      Thanks,
      Josh

    • M

      Unable to create user with registration (combined)

      • • mayank
      2
      0
      Votes
      2
      Posts
      1.8k
      Views

      joshuaJ

      Referencing/linking updated conversation here:
      https://fusionauth.io/community/forum/topic/973/fusion-auth-upgrade-failing-user-registration?_=1619623366378

    • E

      Set time server for FusionAuth container

      • • erikh
      2
      0
      Votes
      2
      Posts
      1.2k
      Views

      joshuaJ

      Hi @erikh!

      Welcome to the FusionAuth Community!

      I might need more details, as I have only a functional familiarity with Docker and container orchestration. As I understand it, NTP is a service that can be added to your container. But like I said, I might need more context to fully understand your issue. A quick look through the Dockerfile and docker-compose does not show any timeserver options being enabled.

      Any other details about what you have tried, potential pitfalls that you are seeing, or errors may be useful.

      I am also posting here (perhaps perfunctorily), the available documentation on FusionAuth for docker installation:
      https://fusionauth.io/docs/v1/tech/installation-guide/docker/

      The repo supporting FusionAuth containers is here:
      https://github.com/FusionAuth/fusionauth-containers

      The docker files are here as well:
      https://github.com/FusionAuth/fusionauth-containers/blob/master/docker/fusionauth/

      Thanks and let us know. Happy to assist you in resolution as able.

      Thanks!
      Josh

    • M

      Fusion auth upgrade failing user registration

      • • mayank
      3
      0
      Votes
      3
      Posts
      2.1k
      Views

      joshuaJ

      Hi @mayank!

      Apologies that you are having difficulty with this upgrade!

      Do you have any more details on the types of errors you are receiving? Any errors logged to the event log or system log would be helpful in troubleshooting this as well. Can you provide the full endpoint that you are attempting to hit? Any other details about your setup would be helpful in diagnosing.

      Thanks for the input and look forward to hearing more soon.

      Thanks,
      Josh

    • V

      Disable username and password, and only use passwordless with an OTP code?

      • • vaibhav
      2
      0
      Votes
      2
      Posts
      512
      Views

      joshuaJ

      Hi @vaibhav!

      Yes, this should be possible. The short answer is that you will want to review our documentation found below:

      https://fusionauth.io/docs/v1/tech/themes/
      https://fusionauth.io/docs/v1/tech/guides/passwordless/

      Another user, borograd, had a related post here as well:
      https://fusionauth.io/community/forum/topic/899/any-simple-was-of-doing-apple-google-only-login/3?_=1619622757240

      I hope this helps!

      Thanks,
      Josh

    • danD

      External validation of users on registration

      external registration validation • • dan
      2
      0
      Votes
      2
      Posts
      3.0k
      Views

      danD

      You can use the user.create or the user.registration.create webhook to do something like this.

      If you enable these webhooks and configure the transaction to require the webhook to succeed, then you simply need to return a non-200 status code from the webhook to cause FusionAuth to fail this create.

      https://fusionauth.io/docs/v1/tech/events-webhooks/#tenant-settings
      https://fusionauth.io/docs/v1/tech/events-webhooks/events/#user-create
      https://fusionauth.io/docs/v1/tech/events-webhooks/events/#user-registration-create

    • A

      JKU in JWT Header

      • • amar.sibia
      6
      0
      Votes
      6
      Posts
      2.6k
      Views

      danD

      Updated the JWT populate lambda doc to make it clear that headers aren't modifiable at the present time: https://fusionauth.io/docs/v1/tech/lambdas/jwt-populate/

    • danD

      How can I pass info from a external identity provider to a JWT in FusionAuth

      jwt identity provider customization • • dan
      2
      0
      Votes
      2
      Posts
      3.5k
      Views

      danD

      The way to do this is to use the user.data or registration.data objects as a transfer mechanism.

      If you are using OIDC (SAML is much the same, but I'll use OIDC as an example), you can create a OIDC Reconcile Lambda. It might look like this:

      // Using the JWT returned from UserInfo, reconcile the User and User Registration. function reconcile(user, registration, jwt) { user.data.favoriteColor = jwt.favoriteColor; }

      So the jwt in this case is that returned from the OIDC identity provider. We store the data in user.data.

      Now we need to pull it off of the user.data object using a JWT populate lambda. That might look a little something like this:

      // Using the user and registration parameters add additional values to the jwt object. function populate(jwt, user, registration) { jwt.favoriteColor = user.data.favoriteColor; }

      favoriteColor is now available as a claim in the JWT produced by FusionAuth.

      Don't forget to assign your lambdas to the correct operations. The OIDC Identity provider needs to be configured with the reconcile lambda. The application's JWT tab is the right place to configure the use of the JWT populate lambda.

      More information on all the lambda options available here: https://fusionauth.io/docs/v1/tech/lambdas/