FusionAuth Forum

Your browser does not seem to support JavaScript. As a result, your viewing experience will be diminished, and you have been placed in read-only mode.

Please download a browser that supports JavaScript, or enable it if it's disabled (i.e. NoScript).

849 result(s) matching "", (0.03 seconds)

J React SDK example - nothing in the userInfo but tid and sub

I'm sure I'm doing something stupid here but I can't work out what I haven't done.

I am using the changebank React SDK example as my test harness, using the community version of FusionAuth for now, hosted under docker
I've created a new tenant, a new app and then a new user.
I can login using this new user into the app but the userInfo structure has nothing in it other the the use sub and the tid.

Config is below

const config: FusionAuthProviderConfig = {
clientId: "31067471-23fc-4634-afa9-c049ff4f0a86",
redirectUri: "http://localhost:5173",
serverUrl: "http://localhost:9011/",
shouldAutoFetchUserInfo: true,
shouldAutoRefresh: true,
onRedirect: (state?: string) => {
console.log(Redirect happened with state value: ${state}"});
}
};

Example code is:
In main.tsx
const { isLoggedIn, isFetchingUserInfo, userInfo } = useFusionAuth();

In the AccountPage.tsx I have:

    <p>tid {userInfo?.tid}</p>
    <p>sub {userInfo?.sub}</p>
    <p>roles {userInfo?.roles}</p>
    <p>email {userInfo?.email}</p>

The roles and email fields are always null

Any ideas?

General Discussion

•

B How is Token validation performed?

Reading through the ASP.NET backend setup for FusionAuth, in terms of configuration settings, this is all that's required:

"Authentication": {
    "Schemes": {
      "Bearer": {
        "Authority": "http://localhost:9011",
        "ValidAudiences": [
          "e9fdb985-9173-4e01-9d73-ac2d60d1dc8e"
        ]
      }
    }
  }

Because there's no client secret, I'm wondering how the token is validated without the api server needing to communicate with the FusionAuth authorization server? Should the ValidAudience uuid be considered sensitive data?

Thanks!

Q&A

•

A Unverified Behavior Setting Not Respected

Hey all,

Attempting to ensure when user's are logging in, if they're email is not yet verified, that they're still able to login.

Unverified behavior is set to "Allow. The user will be allowed to complete login," though the user is still getting re-directed to the unverified email template when attempting to auth

Any thoughts off-hand as to what I hadn't accounted for?

Q&A

•

D Making API calls against a user who is federating into FusionAuth

Suppose I have users who are going to federate into FusionAuth via another OIDC or SAML server. They are going to be created on demand. After they are created, I want to use Lambda HTTP Connect to call into FusionAuth to add them to a group, register them for an application or otherwise manipulate their account based on attributes from the remote identity store.

I tried to do that in the OIDC reconcile lambda, but the user isn't created yet, so I can't, for example, add them to a group or grant them permissions on an entity.

What is the best way to solve this?

Q&A

•

D Can you migrate passkey information between tenants?

I want to let a user log in to one tenant using passkeys.

Then, later, I want to move them to another tenant.

Can I migrate their passkey information as well?

Q&A

•

D Can you turn off CAPTCHA for certain applications in a tenant

I want to turn off CAPTCHA for a given mobile application to make sure the app review process doesn't get impacted, but I want to retain CAPTCHA for the other applications in that tenant.

Q&A

•

D Can you use push notifications as a form of MFA with FusionAuth?

I have a mobile app and want to use push notifications for my MFA. Is that possible/supported with FusionAuth?

Q&A

•

M Noob question: Single user, multiple "tenants"

Hi all

I am considering FusionAuth as a self-hosted option for our very early startup attempt. I apologize in advance for most likely abusing the word "Tenant" here.

Basically I need users to be disconnected from tenants. In this case, a tenant is an account/company/org that is isolated from every other tenant and a tenant is where a subscription/plan is connected, except when it comes to users. Users can have roles in one or more tenant. The idea is that many of our users are freelancers that will work with multiple clients (our tenants), so I want to make it super simple for them to pop up a list of all tenants they have access to and let them switch on the fly. Selecting a different tenant will then reload roles and permissions and reload the assets based on the new privileges.

I have read through some topics here in this forum, but couldn't find an exact match. So I have to ask; is this setup possible in FusionAuth, and if so, what would be the best setup of the service for this scenario?

Q&A

•

M Is there a way to enable or disable captcha at application level?

Looking at the documentation I came across captcha settings at Tenant level. I was wondering, if I have multiple applications under a single Tenant, is there a way to enable or disable captcha at application level?

General Discussion

•

D WebAuthn is now free

Great that you've made security a standard feature in https://fusionauth.io/blog/announcing-fusionauth-1-52

But you now appear to have the situation where WebAuthn is available free on Community Edition, but not available to licensed users on Starter?

Do you recommend that we stop paying to support your work and switch to the Community Edition?

Comments & Feedback

•

Search