FusionAuth
bharath.yadavally

@bharath.yadavally

Reputation: 2 | Profile views: 2 | Posts: 7 | Followers: 0 | Following: 0
Joined 15 Aug 2022, 03:55 Last Online 24 Jan 2023, 04:27


Best posts made by bharath.yadavally

  • RE: Manually verifying a JWT

    @dan How can I view RS256 secret?

    It says The private key is not viewable

    Screen Shot 2023-01-03 at 11.34.46 am.png

    posted in Q&A
    bharath.yadavally
    3 Jan 2023, 00:36
  • RE: Manually verifying a JWT

    @dan Discard my comment above regarding custom claims for JWT.

    I found your post: https://fusionauth.io/community/forum/topic/65/how-does-one-add-custom-claims-to-the-jwt-issued-by-the-oauth-flow?_=1672715552700

    Which should guide me through next steps. Thanks 👨‍💻

    posted in Q&A
    bharath.yadavally
    3 Jan 2023, 03:17

Latest posts made by bharath.yadavally

  • RE: How to invalidate jwt issued before deactivating user?

    @dan
    Okay I can give it a go.

    But I am trying to understand what the difference is between doing this the webhook way vs doing the following steps:

    On every client request to backend service:

    1. Call GET: api/jwt/validate, or implement manual validations (in a no-claims scenario, only need to check signature and expiry)
    2. Call GET api/user with the valid jwt from step 1, which returns a response with user.active: false for a deactivated user
    posted in Q&A
    bharath.yadavally
    16 Jan 2023, 01:10
  • RE: How to invalidate jwt issued before deactivating user?

    @dan I am passing the access token to the introspect endpoint, as you mentioned it is always returning active.

    What I am actually trying to do is to have the access token revoked if the user account is deactivated.

    For my scenario, I am using access tokens with a longer expiry but also want to revoke those tokens if a user is deactivated before the token has expired.

    posted in Q&A
    bharath.yadavally
    12 Jan 2023, 06:15
  • How to invalidate jwt issued before deactivating user?

    @dan

    Can you help me understand these flows:

    I have two users: parent-user and child-user

    1. child-user logged in and received a valid token with lengthy expiry

    2. parent-user deactivated child-user using the endpoint DELETE: /api/user, which successfully locked the user and is showing locked in the FusionAuth UI

    3. But when child-user requested data using the token issued in step 1, the validate endpoint GET: api/jwt/validate is not invalidating the user and is returning a success response back. When I checked the user, applications are present in registrations.

    Is this a bug? How can I invalidate a locked user properly??

    EDIT:

    I have looked into your post: https://fusionauth.io/community/forum/topic/49/how-should-i-validate-access-tokens

    And it makes sense that /api/jwt/validate is just validating expiry, signature and claims. But when I hit the /oauth2/introspect endpoint I am still getting user status active

    {
    	"active": true,
    	"applicationId": "<appid-uuid>",
    	"aud": "<appid-uuid>",
    	"auth_time": 1673234995,
    	"authenticationType": "PASSWORD",
    	"email": "myuser@mailinator.com",
    	"email_verified": true,
    	"exp": 1674444595,
    	"iat": 1673234995,
    	"iss": "auth-dev.mailinator.com",
    	"jti": "jti-uuid",
    	"roles": [],
    	"scope": "offline_access",
    	"sub": "<user-uuid>",
    	"tid": "<t-uuid>"
    }
    
    posted in Q&A
    bharath.yadavally
    9 Jan 2023, 04:10
  • RE: Manually verifying a JWT

    @dan Now I am able to validate the token using RS256.
    But I am trying to figure out how I can add a user status ACTIVE or INACTIVE to the jwt token when it is first generated by FusionAuth.

    I previously used auth0, where we can add a js script like lambda functions to add custom parameters to the jwt. Is that something I could do with FusionAuth?

    posted in Q&A
    B
    bharath.yadavally
    3 Jan 2023, 03:08
  • RE: Manually verifying a JWT

    @dan I forgot how I created my key in the first place, so I imported a new one and am using the private key which I generated.

    posted in Q&A
    B
    bharath.yadavally
    3 Jan 2023, 03:06