Yes, you could connect one FusionAuth to another using an OpenID Connect Identity Provider or SAML v2.

You are correct. The verified flag exists on the corresponding user and the registration. You could optionally use the "verify registration" templatefor this purpose.

If you then ignored the verified: false flag on the registration in your code, it should not impact you.

Another option would be to listen for the user.registration.create event and then fire off an email on your end, or call the Email Send API to send a pre-made FusionAuth email template as a welcome event: https://fusionauth.io/docs/v1/tech/apis/emails/#send-an-email

Will this one work for you?

https://fusionauth.io/docs/v1/tech/client-libraries/netcore/
https://github.com/FusionAuth/fusionauth-netcore-client
https://www.nuget.org/packages/FusionAuth.Client/

I thought that might be a possibility and later tried a t3a.small (vs. t3a.micro) in a new install. So far that's has been working. (As far as anything else on the box - nothing. I like to dedicate at least one VM per major system.)

There's no way to create such a super admin account that can't be modified in FusionAuth.

Options I can think of to achieve something similar:

make sure you have database backups (a good idea anyway) and recover from your last backup if an admin deletes/locks the primary admin account. Or just investigate the FusionAuth database such that you can flip the bit in there if anyone ever locks the primary admin account. create a second tenant and create a tenant scoped API key. Then build whatever user management tooling you need using that API key. The super user will remain untouched and inaccessible in the default tenant. limit people to the roles that they need and never provide anyone with the user_deleter or user_manager role. The user_support_manager role may be helpful to you: https://fusionauth.io/docs/v1/tech/core-concepts/roles/

Only the last one allows users other than the superadmin to access the FusionAuth admin UI.

Feel free to file a feature request explaining your desired functionality in more detail if you'd like.

You can customize the forgot password page by modifying the theme. More details here: https://fusionauth.io/docs/v1/tech/themes/

The template you are looking to modify is the Forgot password template.

There is currently no Forgot username functionality. Please feel free to file a feature request for this functionality.

Is there a way to get the actual error via the FusionAuth admin dashboard?

You can check the event logs and the system output if you have access to the logs, but I don't believe there's a lot of debugging info available for that particular path.

This troubleshooting doc may be worth reading: https://fusionauth.io/docs/v1/tech/troubleshooting/

Also, if you are interested in building a more secure JWT, this article may be of interest: https://fusionauth.io/learn/expert-advice/tokens/building-a-secure-jwt/

So, this appears to be a limitation of Facebook. Here are the API docs from Facebook which have no mention of how long the image URL returned if you pass redirect=0 is good for.

Looks like some Auth0 users also encountered this.

So I think you are on the right path with downloading the user's Facebook images and updating them on your side every time a user logs in.

This is unfortunately a known issue. See https://github.com/FusionAuth/fusionauth-issues/issues/629 for some discussion. There are some workarounds in some situations (allow lists in Office 365) but no general workaround.

@chakshu

Sorry, I pointed you to the incorrect setting.

You can go to Applications > FusionAuth > Edit > JWT > Refresh Token duration

Changing that to 1 (the value is in minutes) caused me to be signed out of the admin application after 60 seconds.

Hope that helps.

I wrote a guide for running fusionauth in a clustered/multi node setup: https://fusionauth.io/docs/v1/tech/installation-guide/cluster/

The bug about the ip addresses being the same (which was only a display bug, not a functionality bug) was also addressed in 1.23.0: https://fusionauth.io/docs/v1/tech/release-notes/#version-1-23-0

Awesome! I know this is on our minds, but don't have an exact timeline for when it'll be implemented.

Thank you. Merged the PR. That was a boneheaded mistake on my part, sorry about that!

We don’t currently support IdP initiated login.

This has come up a few times, we’ll likely end up adding it, but for now it is not possible. We have an open feature for this in GitHub.

Please feel free to upvote it or otherwise communicate your desire for this work to be done.

Hiya,

Which search engine are you using (database or elasticsearch)?

Do you see any log messages in either FusionAuth's logs or the database/elasticsearch's?

Dan

PS if you are running in production with 2.5M users and want specific performance help with a guaranteed response time and access to the engineering team, we recommend purchasing a paid edition which includes support. More info here (scroll down to see support options).

Looking at how the filter works, it looks like we either find * which allows all origins, or - we look for exact matches in the configuration based upon the Origin HTTP header.

So you can't allow all subdomains in FusionAuth at this time.

We have an open issue for this: https://github.com/FusionAuth/fusionauth-issues/issues/603 Please do vote it up.

We also are investigating OpenAPI which would let you build a C++ library. More here: https://github.com/FusionAuth/fusionauth-issues/issues/614

Finally, I will point out that you can use the REST API and a JSON library and FusionAuth will work just swimmingly. I'm not C++ savvy, but https://github.com/nlohmann/json and https://github.com/jgaa/restc-cpp look like they could be combined to do the trick.

@chirag have you seen these? https://fusionauth.io/learn/expert-advice/authentication/login-authentication-workflows/

Reviewing them and mapping your use case on to them may be helpful.