@denisskaletti Thanks for feedback. I removed your link because it seemed like spam. We welcome useful links that are about using FusionAuth, please check out the blog category and post there.

You’re correct. That is not a standard redirect URL. You could easily build some glue code to to look like an OpenID Connect compliant SP and then handle the redirect yourself. I am not super familiar with some of the OpenID Connect server options, but something like Hydra may be useful here. Perhaps some others from the community here can help with off the shelf options if you don’t want to code it yourself.

But coding it yourself may be the easiest, if you coded it in Node or something like that, it would be super simple, you’d have FusionAuth redirect to your node app and then you’d redirect to the video platform.

Check out the official documentation on using Docker + Kickstart.

Currently the only way to accomplish this will be to use the Import API, as you mentioned: https://fusionauth.io/docs/v1/tech/apis/users#import-users

We do have an open feature request to allow hashes to be provided on the User API, which I think would be what you're looking for: https://github.com/FusionAuth/fusionauth-issues/issues/348

Feel free to upvote that issue.

Sounds like @viola-mauro you've got this all working.

For anyone else that may be interested, we do have an apache module, that seems to be similar to what you're trying to do.

https://github.com/FusionAuth/fusionauth-mod-authnz-external

The short answer is that these events are from when the user was created or first registered for an application.

When a user is first created, or registered for an application we create a login event because we generate a JWT and optionally a Refresh Token for the user.

In these cases, we do not have an IP address to record in the login event.

We have discussed adding the IP address from the API request, but this is likely a back end system or internal service and the IP address would not represent the location of the end user, and so would likely not be of great use.

That's great!

I'm starting to think I may misunderstand what this complete login endpoint objective is.

I think I'm the one who is misunderstanding things 🙂 Yes, you should be able to build your own login pages to auth directly with google, and yes, you should get the refresh_token returned. I didn't follow what you were attempting to do, I thought you were using the google form provided by FusionAuth (which is what I tested and which returns a refresh_token if you provide the scope).

This sure looks like a bug because the refresh_token should be returned according to the docs. At the very least it is a doc bug, because the noJWT parameter doesn't state that the refreshToken will be returned if noJWT = false:

When this value is set to true a JWT will not be issued as part of this request. The response body will not contain the token field, and the access_token and refresh_token cookies will not be written to the HTTP response

But the response body states a refreshToken will be returned:

The refresh token that can be used to obtain a new access token once the provide one has expired. Because a refresh token is per user and per application, this value will only be returned when an applicationId was provided on the login request.

Can you please file a bug? https://github.com/fusionauth/fusionauth-issues/issues

Wow. You are right. Apologies. I'm doing some work on an older laptop and with the resolution and the lack of contrast on the LCD, I didn't notice the scrolling. Thanks!

I don't believe there's any way to find the expiry of a changePasswordId.

You could:

keep track of it yourself, since you know when you started the flow and you know how long the id is good for (it is in the tenant settings, I believe). build your own request password flow and just use this call: https://fusionauth.io/docs/v1/tech/apis/users#change-a-users-password with the loginId and an API key just try to change it and if you get a 404, redisplay the reset password flow. This is the default option.

Fix is live: https://github.com/FusionAuth/fusionauth-site/pull/147

I searched the fusionauth issues list and only came up with one issue mentioning RADIUS, but it may be worth reading if you haven't already. https://github.com/FusionAuth/fusionauth-issues/issues/219

Thanks for reporting, we have recreated the issue. It will be tracked and solved under this issue. https://github.com/FusionAuth/fusionauth-issues/issues/749

Ok thanks for info. Maybe include that somewhere in the documentation?

Hi David,

It sounds like you're looking for a way to pass the timezone of the user into the passwordless call so it is available in the email template. I agree that the current timezone is more useful than the possibly stale value in the user profile.

I don't know of any way to do this currently. So my suggestion would be to file a feature request: https://github.com/fusionauth/fusionauth-issues

@civaxox259
you fix you problem on `https://libroslara.com/libros/
becouse i donde see any problem on tha page

@bboure You may be interested in this new feature from the 1.17.0 release, which allows for a sliding window of refresh tokens:

Sliding Window Refresh Token Expiration. By default the expiration of a refresh token is calculated from the time it was originally issued. Beginning in this release you may optionally configure the refresh token expiration to be based upon a sliding window. A sliding window expiration means that the expiration is calculated from the last time the refresh token was used. This expiration policy means that if you are using refresh tokens to maintain a user session, the session can be maintained as long as the user remains active. This expiration policy must be enabled at the tenant level, and may optionally be overridden by the Application JWT configuration.

Symmetric keys are not returned on the JWKS endpoint, as they don't have a public key. Per the docs this api:

returns public keys generated by FusionAuth, used to cryptographically verify JWTs using the JSON Web Key format

If you create an RSA or EC key which is an asymmetric key pair - the public key will be returned on the JWKS endpoint. If you don’t have any key pairs configured , it will be empty. Out of the box, you’ll only have one HMAC key which we don’t publish in JWKS.

Can you use an include for the function body? For example: (where myLambda.ftl is your Lambda function in a folder named lambdas)

"lambda":{ "body": "@{lambdas/myLambda.ftl}", }

That should preserve your line returns if you include it that way. Hope that helps!