RE: SMTP Fails, no debug details

@joshua thanks for the reply.

I've already tested before reporting the issue, sorry I should have clarified that. SWAKS reported zero issues and the email was received as expected.

I use the exact same settings in other systems every single day. Exact same address and config.

I just retested by re-pasting all the details in (which I copied out into SWAKS when testing) and the email was sent successfully.

You may want to check on your debug log capabilities. There is zero way to debug this and just wastes time and trust.

@dan any help on this? Been a week and still the same issue.

The logs don't show any debug data.

Hi FusionAuth,

I'm trying to use the hosted service but adding SMTP to my tenant to test accounts fails so I can verify email addresses.

I have a product smtp configuration via smtp.office365.com (using copy and paste to make sure no human errors).

• When I try to send a test message I get:

Unable to send email via JavaMail
Prime Messaging Exception

• I use debug and only get that the debug is activated:

DEBUG: setDebug: Jakarta Mail version 2.0.1
DEBUG: setDebug: Jakarta Mail version 2.0.1
DEBUG: setDebug: Jakarta Mail version 2.0.1
DEBUG: setDebug: Jakarta Mail version 2.0.1

• when I attempt to send a verification email I see the following error in the event log:

Async Email Send exception occurred.

Template Id: ########-####-####-####-############
Template Name: [FusionAuth Default] Registration Verification
Tenant Id: ########-####-####-####-############
Addressed to: First Last <first.last@host.com>   // obfuscated for support

Cause:
jakarta.mail.MessagingException : Message: Can't send command to SMTP host

@dan How do I mark this as [resolved]?

@dan ah! That worked. Thanks. Your timing is uncanny, I just pushed a fake JWT creator awaiting this fix. Switching back to FA for my anon users

@dan no matter how I change the request (including no query string) if I remove the Authorization header it gives me a 401, otherwise i get the same 500 error.

@audrew31 using the "Registrations" endpoint and updating the user's roles:

See here in docs: https://fusionauth.io/docs/v1/tech/apis/registrations#update-a-user-registration

The roles for a user are specific to the registration to an application. Hope that helps.

I'm attempting to use the /api/jwt/vend endpoint and getting a 500 ERROR as a response. This seems very similar/identical to [this] previous report.

Here is the error from the logs:

2022-05-29 10:31:28.498 PM ERROR io.fusionauth.app.primeframework.error.ExceptionExceptionHandler - An unhandled exception was thrown
java.lang.NullPointerException: Cannot read field "keyId" because "this.request" is null
	at io.fusionauth.app.action.api.jwt.VendAction.validate(VendAction.java:53)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.base/java.lang.reflect.Method.invoke(Method.java:568)
	at org.primeframework.mvc.util.ReflectionUtils.invoke(ReflectionUtils.java:414)
	at org.primeframework.mvc.validation.DefaultValidationProcessor.validate(DefaultValidationProcessor.java:77)
	at org.primeframework.mvc.validation.DefaultValidationWorkflow.perform(DefaultValidationWorkflow.java:46)
	at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:51)
	at org.primeframework.mvc.security.DefaultSecurityWorkflow.perform(DefaultSecurityWorkflow.java:81)
	at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:51)
	at org.primeframework.mvc.parameter.DefaultPostParameterWorkflow.perform(DefaultPostParameterWorkflow.java:50)
	at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:51)
	at org.primeframework.mvc.content.DefaultContentWorkflow.perform(DefaultContentWorkflow.java:52)
	at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:51)
	at org.primeframework.mvc.parameter.DefaultParameterWorkflow.perform(DefaultParameterWorkflow.java:57)
	at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:51)
	at org.primeframework.mvc.parameter.DefaultURIParameterWorkflow.perform(DefaultURIParameterWorkflow.java:102)
	at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:51)
	at org.primeframework.mvc.scope.DefaultScopeRetrievalWorkflow.perform(DefaultScopeRetrievalWorkflow.java:58)
	at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:51)
	at org.primeframework.mvc.message.DefaultMessageWorkflow.perform(DefaultMessageWorkflow.java:44)
	at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:51)
	at org.primeframework.mvc.action.DefaultActionMappingWorkflow.perform(DefaultActionMappingWorkflow.java:126)
	at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:51)
	at org.primeframework.mvc.workflow.StaticResourceWorkflow.perform(StaticResourceWorkflow.java:97)
	at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:51)
	at org.primeframework.mvc.parameter.RequestBodyWorkflow.perform(RequestBodyWorkflow.java:91)
	at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:51)
	at org.primeframework.mvc.security.DefaultSavedRequestWorkflow.perform(DefaultSavedRequestWorkflow.java:64)
	at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:51)
	at io.fusionauth.app.primeframework.CORSFilter.doFilter(CORSFilter.java:262)
	at io.fusionauth.app.primeframework.CORSRequestWorkflow.perform(CORSRequestWorkflow.java:49)
	at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:51)
	at io.fusionauth.app.primeframework.FusionAuthMVCWorkflow.perform(FusionAuthMVCWorkflow.java:86)
	at org.primeframework.mvc.workflow.DefaultWorkflowChain.continueWorkflow(DefaultWorkflowChain.java:44)
	at org.primeframework.mvc.servlet.FilterWorkflowChain.continueWorkflow(FilterWorkflowChain.java:50)
	at org.primeframework.mvc.servlet.PrimeFilter.doFilter(PrimeFilter.java:78)
	at com.inversoft.maintenance.servlet.MaintenanceModePrimeFilter.doFilter(MaintenanceModePrimeFilter.java:63)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at com.inversoft.servlet.UTF8Filter.doFilter(UTF8Filter.java:27)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:543)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:367)
	at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:639)
	at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
	at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:881)
	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1647)
	at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
	at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191)
	at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
	at java.base/java.lang.Thread.run(Thread.java:833)

Request Attempts:

curl -vvv -X POST -H 'Authorization: ##api_key##' -d '{"keyId": "fafdc79b-d058-4e93-99d9-759e40b03711", "timeToLiveInSeconds":300, "claims":{"sub":"test","roles":["anonymous"]}}' 'https://##instance_url##/api/jwt/vend?client_id=##client_id##&client_secret=##client_secret##'

curl -vvv -X POST -H 'X-FusionAuth-TenantId: ##tenant_id##' -H 'Authorization: ##api_key##' -d '{"keyId": "fafdc79b-d058-4e93-99d9-759e40b03711", "timeToLiveInSeconds":300, "claims":{"sub":"test","roles":["anonymous"]}}' 'https://##instance_url##/api/jwt/vend?client_id=##client_id##&client_secret=##client_secret##'

curl -vvv -X POST -d '{"keyId": "fafdc79b-d058-4e93-99d9-759e40b03711", "timeToLiveInSeconds":300, "claims":{"sub":"test","roles":["anonymous"]}}' 'https://##url##/api/jwt/vend?client_id=##client_id##&client_secret=##client_secret##'

curl -vvv -X POST -H 'Authorization: ##api_key##' -d '{"keyId": "fafdc79b-d058-4e93-99d9-759e40b03711", "timeToLiveInSeconds":300, "claims":{"sub":"test","roles":["anonymous"]}}' 'https://##url##/api/jwt/vend'

Instance Details:
Version: 1.36.4
Latest version:
Nodes: 1
Runtime mode: Development
Host: Ubuntu 18.04.5 LTS (GNU/Linux 5.4.0-1048-azure x86_64)
Reverse Proxy: nginx

@dan That will work just fine. With that I'll actually just make a quick service that takes in the arguments to adjust and it generate that json for me. Thanks!

Just because it would align with all my other triggered processes, I'll actually make it as a postgres function so I can call it with my graphql api via hasura. This will actually work very well.

@aperkins look in your oauth config for the app, inside FA, or the tenant config.

The redirect url is set there. Also , your app may be supplying a url as the redirect with that URL and it is not matching what's configured as the allowed redirect URLs in FA.

@aperkins what's your stack?

Sounds like you're using docker fusion auth (FA) in your own VM, and a node app that is trying to redirect to FA as the OAuth IDP, is that correct?

I can help you troubleshoot if you'd like. I'm in the slack channel or you can email me a lance@spearstone.partners

cheers

Using the “sourceId” for tenant, I can create a clone of a template tenant for my clients.

I would also like to do the same at an application level for each tenant, too, but don’t see the same concept of “sourceId”. Is there a (un)documented way of doing this?

This is my proposed flow:

• client signs up and I use the FA API to generate a default tenant for them.
• client chooses one or more application types from my portal and I use the FA API to generate the appropriate application(s) for their tenant
• client uses my portal to manage staff roles across their tenant and default role for signup to an application by their staff and I use the FA API to manage those roles and show the staff users signed up and their assigned roles