• Home
  • Categories
  • Recent
  • Popular
  • Pricing
  • Contact us
  • Docs
  • Login
FusionAuth
  • Home
  • Categories
  • Recent
  • Popular
  • Pricing
  • Contact us
  • Docs
  • Login
  1. Home
  2. joshua
  3. Topics
  • Profile
  • Following 1
  • Followers 4
  • Topics 31
  • Posts 450
  • Best 36
  • Controversial 0
  • Groups 1

Topics created by joshua

  • J

    Solved I am having issues upgrading my containerized version of FusionAuth

    Q&A
    • • 22 Jul 2024, 22:07 • joshua 23 Jul 2024, 19:09
    2
    0
    Votes
    2
    Posts
    3.6k
    Views

    D 23 Jul 2024, 19:09

    Ensure that the source machine that is building your image is the correct architecture type.

    https://www.reddit.com/r/kubernetes/comments/13lurdl/kubernetes_error_exec_usrlocalbinyarn_exec_format/?rdt=39252

    For instance, if you are building a K8's cluster running linux (x86) but have built the image locally on a Apple M2 Mac (ARM based), then you will need to instruct docker to use the build x command to build a multi-platform build or change the source build machine.

  • J

    Unsolved How Do I Gather A List of All My Users For a Specific Applicatoin?

    Q&A
    • • 3 Feb 2022, 21:07 • joshua 3 Feb 2022, 21:13
    2
    0
    Votes
    2
    Posts
    1.4k
    Views

    J 3 Feb 2022, 21:13

    One recommendation is to use the User Search API to gather all users for a specific Application

    For example,

    curl --request POST \ --url https://local.fusionauth.io/api/user/search \ --header 'Authorization: <YOUR_API_KEY>' \ --header 'Content-Type: application/json' \ --data '{ "search": { "numberOfResults": 50, "query": "{\"bool\":{\"must\":[{\"nested\":{\"path\":\"registrations\",\"query\":{\"bool\":{\"must\":[{\"match\":{\"registrations.applicationId\":\"<YOUR_APPLICATION_UUID>\"}}]}}}}]}}", "startRow": 0 } }'

    Returns all the users that belong to a applciation Id using the query parameter. More information can be found in our documentation below.

    https://fusionauth.io/docs/v1/tech/apis/users/#elasticsearch-search-engine

    Accessing the Admin UI > Users > Search Box > Advanced > Show ElasticSearch Query Can also reveal prebuilt queries that you can run against users via API (move the toggles to observe how the query will change over time).

  • J

    Are soft deleted users searchable?

    Q&A
    • • 14 Sept 2021, 00:10 • joshua 14 Sept 2021, 00:10
    2
    0
    Votes
    2
    Posts
    1.1k
    Views

    J 14 Sept 2021, 00:10

    Yes, you can search for users who are set to

    "active" : false

    just like any other user

  • J

    If I soft delete a user can I still retrieve and/or update it via the API (without first reactivating it)?

    Q&A
    • • 14 Sept 2021, 00:09 • joshua 14 Sept 2021, 00:09
    2
    0
    Votes
    2
    Posts
    1.1k
    Views

    J 14 Sept 2021, 00:09

    The user can be retrieved but will have a status of {"user" : { "active" : false } }
    The user cannot be updated but will instead have this error return

    { "fieldErrors": { "userId": [ { "code": "[inactive]userId", "message": "The User with Id [00000000-0000-0000-0000-000000000007] is inactive and cannot be updated until it is reactivated." } ] } }
  • J

    Soft delete admin equivalent?

    Q&A
    • • 14 Sept 2021, 00:08 • joshua 14 Sept 2021, 00:08
    2
    0
    Votes
    2
    Posts
    1.2k
    Views

    J 14 Sept 2021, 00:08

    Yes, this is the functional equivalent in the UI.

  • J

    If I want to deactivate a user via the API, what is the correct way to do it?

    Q&A
    • • 14 Sept 2021, 00:06 • joshua 14 Sept 2021, 00:07
    2
    0
    Votes
    2
    Posts
    3.7k
    Views

    J 14 Sept 2021, 00:07

    Soft delete is the preferred method.

  • J

    1.30 is released

    Release
    • • 12 Aug 2021, 17:56 • joshua 20 Aug 2021, 22:05
    2
    1
    Votes
    2
    Posts
    889
    Views

    D 20 Aug 2021, 22:05

    And here's the announcement blog post: https://fusionauth.io/blog/2021/08/18/announcing-fusionauth-1.30/

  • J

    1.29 is released

    Release
    • • 16 Jul 2021, 19:51 • joshua 23 Jul 2021, 20:38
    2
    0
    Votes
    2
    Posts
    2.4k
    Views

    D 23 Jul 2021, 20:38

    And here's the blog post: https://fusionauth.io/blog/2021/07/23/announcing-fusionauth-1-29/

  • J

    Getting Error -- ERROR io.fusionauth.api.service.cache.DistributedCacheNotifier - Failed to request a cache reload

    Q&A
    • • 2 Jul 2021, 20:14 • joshua 2 Jul 2021, 20:16
    2
    0
    Votes
    2
    Posts
    913
    Views

    J 2 Jul 2021, 20:16

    This error is related to FusionAuth not being able to communicate to nodes over TLS in a multinode environment.

    Two things you will want to check-

    If you are using self-signed certs (TLS)

    You will need to add any self-signed certificates to your Java Truststore.

    If you are using a signed cert from a certificate authority

    Make sure you have properly integrated that cert into your TLS

    Lastly, If you are on a secure private backplane, you can simply communicate over non-TLS (HTTP).

    Once FusionAuth can establish a connection, then the caching issues should remedy themselves. In a multi-node environment, the first node is kickstarted with its own cache and then attempts to inform all other nodes to refresh their cache. If this "master node" cannot communicate (in this case due to not have the right security cert), then you will see errors such as above.

    Thanks,
    Josh

  • J

    Questions on Set Password Workflow -- two locations to set.

    Q&A
    • • 30 Jun 2021, 16:13 • joshua 30 Jun 2021, 16:14
    2
    0
    Votes
    2
    Posts
    819
    Views

    J 30 Jun 2021, 16:14

    Can we do something like this through the UI interface too?

    This is not currently possible. Creating the User, and creating a User Registration are two separate steps. As you correctly stated, when creating the user in the UI, there is no context yet for an application. For this reason, the user will receive the template configured at the tenant level.

    Or is this only possible through the API?

    Correct. You must use the Create "User + Registration" API to do this in one step to use the application template for setup password.

    If I register a user with both applications (through the API) which email do they get?

    When using the API to Create "User + Registration" you can only register for one application at a time. The email is only sent during the User Create step, so if you register for a second application, the user will already exist and thus will not receive a second email.

  • J

    FusionAuth Virtual Get-Togethers Scheduled for the End of June

    Announcements
    • • 16 Jun 2021, 21:07 • joshua 30 Jun 2021, 16:14
    3
    0
    Votes
    3
    Posts
    2.8k
    Views

    J 30 Jun 2021, 16:14

    A reminder that we have a second meet-up scheduled for today!

  • J

    Migrating users - from one server to another. How to do it.

    Q&A
    • • 15 Jun 2021, 20:24 • joshua 15 Jun 2021, 20:29
    2
    0
    Votes
    2
    Posts
    2.2k
    Views

    J 15 Jun 2021, 20:29

    If you need to preserve passwords, and you have access to the database:

    You could manually read from the db and then import users using the import API. https://fusionauth.io/docs/v1/tech/apis/users/#import-users You can use pg_dump or mysqldump respectively if you want to move the entire system from one server to another, users and all. The target system has to be at the same or greater version than the source. If the target is at a greater version than the source, you will enter maintenance mode on startup to migrate the schema.

    If you do not need to preserve passwords, then you could use the User Search API and the User Import API together.

  • J

    1.28 is released

    Release
    • • 8 Jun 2021, 19:35 • joshua 9 Jun 2021, 20:39
    2
    0
    Votes
    2
    Posts
    1.3k
    Views

    D 9 Jun 2021, 20:39

    And the announcement blog post: https://fusionauth.io/blog/2021/06/09/announcing-fusionauth-1-28/

  • J

    Can I use both the Login/Logout API and the OAuth Version of the Same endpoints (mix and match)?

    Q&A
    • • 25 May 2021, 21:30 • joshua 25 May 2021, 21:31
    2
    0
    Votes
    2
    Posts
    1.2k
    Views

    J 25 May 2021, 21:31

    Ideally, you would be using the Oauth2 login and logout endpoints which would also give you SSO, and a lot of other features such as forgot password, passwordless, two-factor login, account lockout, federated logins, etc.

    If you have a technical reason not to use OAuth - the Login API is available. Using the Login API means you will be coding all of the end-user workflows described above such as two-factor, forgot password, etc yourself.

    Our Five Minute Guide Covers one of the most common OAuth Grants and workflows available.
    https://fusionauth.io/docs/v1/tech/5-minute-setup-guide/#undefined

  • J

    Does the oauth2/logout method invalidate the Access Token or just the refresh token?

    Q&A
    • • 25 May 2021, 21:26 • joshua 25 May 2021, 21:28
    2
    0
    Votes
    2
    Posts
    835
    Views

    J 25 May 2021, 21:28

    No. Neither. But it will revoke the SSO token.

    https://fusionauth.io/docs/v1/tech/guides/single-sign-on#request-flow-diagrams

  • J

    Does api/logout revoke the bearer/refresh token?

    Q&A
    • • 25 May 2021, 21:25 • joshua 2 Jun 2021, 20:05
    4
    0
    Votes
    4
    Posts
    2.6k
    Views

    J 2 Jun 2021, 20:05

    @twilkinson,

    Hello again!

    Yes, this is how I read that as well from the documentation. You could also test that logout is enforcing the behavior that you are seeking by using the browser console to check for cookies. Or if not storing the token in cookies, checking the relevant location and/or behavior to ensure that the user's refresh/access tokens are properly removed/invalidated.

    Based on the documentation, you should provide the refreshToken in the request to invalidate, as seen below:

    6805586d-d207-4358-b4a1-97b62b5e0453-image.png

    Thanks,
    Josh

     

    Related Links

    https://fusionauth.io/community/forum/topic/270/logout-questions/5

  • J

    How to best log out a user? By using `/api/logout` or the `/oauth2/logout?`

    Q&A
    • • 25 May 2021, 21:04 • joshua 25 May 2021, 21:12
    2
    0
    Votes
    2
    Posts
    3.3k
    Views

    J 25 May 2021, 21:12

    If managing your own session (not OAuth)

    Documentation Link

    If you are not using the FusionAuth SSO, then you will manage the user session and state in your application.

    Within this self-managed context, the Logout API /api/logout is only useful if you are using the Login API within the context of a browser. In this case, the Logout API will return a response HTTP header to tell the browser to delete the cookies written by the Login API.

    In other words, depending on your configuration/setup/specifics, there may be more work to do within your self-managed SSO to completely log the user out.

    If not managing your own session (one example would be to follow OAuth)

    Documentation Link

    If you are following OAuth, then you will hit the endpoint provided in the above doc link (currently /oauth2/logout).

    This logout endpoint provides a mechanism to invalidate the user’s session held by FusionAuth, this effectively logs the user out of FusionAuth.

  • J

    After obtaining a refresh and access token, how do I verify the SSO/Session for the user to make sure they are still “logged in”?

    Q&A
    • • 25 May 2021, 20:59 • joshua 25 May 2021, 21:03
    2
    0
    Votes
    2
    Posts
    776
    Views

    J 25 May 2021, 21:03

    The FusionAuth SSO enabled through an OAuth2 code grant handles the user session validation.

    -However-

    The Login API (/api/login) does not use FusionAuth SSO. In this scenario, the user session is managed in your own application (more customization possible, but likely more code work).

  • J

    MFA Upgrade Question

    Q&A
    • • 19 May 2021, 16:42 • joshua 19 May 2021, 21:55
    2
    0
    Votes
    2
    Posts
    890
    Views

    F 19 May 2021, 21:55

    To clarify my current MFA delivery setup (v1.25), I have it configured with "delivery": "None" and this enables the Authenticator and backup codes via the Twilio integration.

    Will this keep working? Or do I have to update each user and enable the "sms" method? Is it even possible to enable the "sms" method without having a code that was sent to the mobilePhone of the user?