Topics created by richb201

@richb201 Heya, you need to start or install FusionAuth. It's a program like MS Word or your web browser. If you haven't used it in a while, it might be stopped.

How you start it depends on how you installed it. https://fusionauth.io/docs/v1/tech/installation-guide/ has some of the methods.

@richb201,

I assume you are self-hosting FusionAuth, but let me know if this is not the case.

I had to split the server into two different copies. One at researchstudyonline.com and one at staging.researchstudyonline.com.

The database is the source of state in FusionAuth. So if you copied the database, then the same users and their logins should exist in that new copy. For how you have set up FusionAuth, I would expect your staging environment would have its own database as well as production.

When I click on http://staging.researchstudynline.com/ I see that the link is broken. You may want to review your configuration and ensure that you have properly set up the new FusionAuth instance (http://staging.researchstudynline.com:9011/) and its associated database.

I am linking the appropriate documentation which may aid you further in installing a new FusionAuth instance and database:

https://fusionauth.io/docs/v1/tech/installation-guide/ https://fusionauth.io/docs/v1/tech/installation-guide/common-configuration/ https://fusionauth.io/docs/v1/tech/reference/configuration/

Lastly, there are a few different ways that you could replicate a database. One such way would be to use the pg_dump command. Once you have your dumped database, create a new empty database, and use pg_restore to import your data. Once you have your new database, you would stand up a new FusionAuth instance and point that instance at this new datastore. I would encourage you to use your search-fu to find articles that will speak to how to complete a database replication if you have any other questions about this process.

Hope this helps!

Thanks,
Josh

Thanks. I set up two databases now instead of just one and having both production and staging share it. But I find when I go into the FA control panel on staging and change things such as paths it changes the paths for both the staging and the production servers.

Where do I specify (for each server) what database should be used?

Hey Dan. It has been a long time! I just can't get past the passwordless problem I have with fusionAuth. Your help has been stellar but I really need to hire someone to get me over the "hump". Seems like there are not too many people out there that have a working knowledge of FA. I have tried to find one! Can't hire help and can't get community help leaves me with no options.

I took a look at https://fusionauth.io/learn/expert-advice/authentication/webapp/oauth-authorization-code-grant-sessions/ and will try to switch over to using this method since it seems well documented. I will probably need to find someone to update the themes if I get it going. Good luck on that!

I really like the diagram which shows the message flows in it. Is there a document, just like oauth-authorization-code-grant-sessions but for passwordless? That diagram, but for passwordless, would definately help.

The issue with the redirect URI specified in your code. FusionAuth is indicating that the redirect URI you provided is invalid.
The redirect URI must match the one registered for your FusionAuth application.

I recently embarked on the journey of integrating FusionAuth into my website, inspired by a discussion in the FusionAuth community forum

@richb201 said in where is the application oauth tab?:

redirect_uri=35.153.28.16

The redirect needs to match your configured list in FusionAuth. redirect_uri=http://35.153.28.16...

If you are using the FusionAuth email template, you will want to verify the link is getting built correctly in the template.

@richb201

The documentation says that this is optional. But not in my case.

Can you elaborate on where you found this in the doc?

The error should say missing "X-FusionAuth-TenantId"

Can you elaborate on this?

When I get back the "code" do I need to manually convert it to a token, or is this done automatically?

You may want to review our OAuth guide. Using a OAuth2 flow, it is common to have two separate endpoints (authorize and token) to obtain access. The "code" is returned from FusionAuth and is used (in conjunction with a few other possible factors) to obtain an access token (in our typescript client, this is the client.exchangeOAuthCodeForAccessTokenUsingPKCE function)

We do have a few tutorials as well, that show this in action (nodeJS tutorial being one of them)

Lastly, for general housekeeping's sake, this thread is getting a bit long, with a few related posts clumped together. For future questions, if the question is unrelated to the posts immediately above, it might be good to open a new thread.

Yes it does. I pretty much had come to the conclusion that I need to build my own login form, and you confirmed that. And have it submit to my code which will then start passwordless via the API.

Hey Dan. My plan is to try to log a user on with their email as the key. If that fails (like it will if they have not registered).

$request = array(); $request["applicationId"] = $_SESSION['applicationID_admin_register_login']; $request["user"]["data"]["admin_email"] = $email; $request["user"]["data"]["email"] = $request["user"]["email"] = $email; $requestJ = json_encode($request); //convert the array into json $result = $_SESSION['client']->updateUser($id, $requestJ); //if $result is that user was not found then ask if they want to register? if (!$result->wasSuccessful()) { log_message('error', $result); }

Now, I don't want to updateUser() since I am not even sure if the user exists. What function should I use to easily see if they are already registered?

Thx Dan, I read it. It might be more trouble than it is worth. I am thinking a link from landing page to the initiation of the passwordless might do the trick, although i do need the users to register (both for fa and for me).

<a href="http://localhost:9011/oauth2/register?client_id=f603697d-41ea-4c53-xxxx-e935d5e34221&response_type=code&redirect_uri=http%3A%2F%2Flocalhost%2Findex.php%2FConfigure%2Fcampaign_management_with_actions">Register</a>

Thanks @richb201 , appreciate the UI suggestions! I'll take a look as we definitely don't want folks to be confused/frustrated by the user interface.

Cheers,
Dan

@maciej-wisniowski That was done when we found that there was a bug in

#FROM fusionauth/fusionauth-app:1.19.4

and we replaced it with:

FROM fusionauth/fusionauth-app:1.19.7

My first question is a) when I setup the dashboard on server A. Can I assume that all the servers (behind a load balancer) will get the same configuration?

You need to distribute the configuration file or the environment variables yourself. You could scp the configuration file to each server, for example.

b) I want to make sure that FA is using the RDS database and not a local one in each docker container. How can I prove to myself that FA is using the RDS?

I'm not sure how you installed this, but you could remove postgresql from the docker-compose file. You can also shut down the RDS instance and see if FusionAuth fails.

You can also look for a line in the startup log file that looks like this:

fusionauth_1 | 2021-02-02 9:23:53.070 PM INFO com.inversoft.jdbc.hikari.DataSourceProvider - Connecting to PostgreSQL database at [jdbc:postgresql://db:5432/fusionauth]

This line is connecting to a local postgresql database, but you should see the configuration value pointing to the RDS hostname in yours.

Thanks awesome @richb201 !

I'm glad you were able to sort it out!

Hard to know exactly what's going on.

I would try creating another tenant and seeing if the same SMTP settings fail. Then I'd try standing up a version with the very latest FusionAuth version and seeing if you see the same behavior.

Also, do you have the same tenant smtp settings? That is under the "advanced" tab, then "smtp settings".

One thing you could do is send them an email with a fresh login link. You could catch the 'login failed' and generate a new magic link (which you could build via the API). Then you'd send them an email with the new magic link.

You could also make sure you include when the link expires in the subject line of the email.

More on doing that here: https://fusionauth.io/community/forum/topic/220/can-i-customize-the-passwordless-link-email-subject-with-the-time-the-link-expires