@mou, Is this what you are looking for? https://fusionauth.io/docs/lifecycle/authenticate-users/application-authentication-tokens
mark.robustelli
@mark.robustelli
Best posts made by mark.robustelli
-
RE: Salesforce error: Id_Token_Error: Missing or invalid iss
Hello @yuval,
I'm not very familiar with Salesforce but when taking a look at the guide there is a step that says "Scroll down to the Salesforce Configuration section and open the address from Test-Only Initialization URL in an incognito window.". What do you see when you try that?If you are not getting that information, can you please describe in a little more detail what steps you have taken and when you receive the above message about the invalid iss?
-
Security Token Signature Key Not Found Exception: IDX10501: Signature validation failed. Unable to match key
I am running through the Integrate Your .NET 7 Application With FusionAuth quickstart guide and encountered the error listed below.
I think it has to do with following message in the guide:
The script set up a RS256 asymmetric signing key. FusionAuth supports this signing algorithm, but doesn't ship with a default key.How do I add the required key to FusionAuth?
Error Message:
An unhandled exception occurred while processing the request.
SecurityTokenSignatureKeyNotFoundException: IDX10501: Signature validation failed. Unable to match key:
kid: '236bb45e-e88c-4f07-87ff-c93d6fb752a2'.
Number of keys in TokenValidationParameters: '0'.
Number of keys in Configuration: '0'.
Exceptions caught:
''.
token: '{"alg":"HS256","typ":"JWT","gty":["authorization_code"],"kid":"236cc45e-e88c-4f07-87ff-c93d6fb752a2"}.{"aud":"236bb45e-e88c-4f07-87ff-c93d6fb752a2","exp":1687312521,"iat":1687308921,"iss":"acme.com","sub":"e5e4a956-0f9d-4bec-9121-dededb20e00f","jti":"ca5d3d30-ef26-4e48-afcb-d5ba670ac2d4","authenticationType":"PING","email":"myemail@email.com","email_verified":true,"at_hash":"ANWNkB4EA34d0cr1A50zQg","c_hash":"eCEeL-bgcDFkzcpmNT5k9g","scope":"openid profile","nonce":"634229057201762476.ZDQ1NzEzZWMtM2M4OS00ODgxLWI3ZmEtNjJhZWY0MzhlOWYzN2I4ODdhNmQtYTI2OS00OTc0LThhOWEtYzc2OGEzYmIzN2M3","sid":"4fe9dcc0-1ce9-4819-a97a-47c38cb730b8","auth_time":1687308921,"tid":"a51e69f7-520b-6860-2d33-d1e12f797af9"}'. -
RE: 3rd Party Authentication
@it-contracts Hello. I am pretty new to FusionAuth, but my understanding is that you are taking the correct steps. I am not aware of a way to do this within a single call.
Are you simply looking to be more efficient with the calls or is there some reason this workflow will not work for you?
-
Using Analytics to Track Registrations
What is the best way for analytics tracking after a user has successfully registered?
-
RE: 3rd Party Authentication
@it-contracts I apologize for misunderstanding your initial question. You and @kash are correct in that by using FusionAuth, it will appear to be one call from your perspective. However, in the background, FusionAuth will still need to make the same amount of calls to the the access token. And another nice thing about using FusionAuth is that you will be able to add other identity providers in the same way.
-
Multi-Region Cloud Setup
Does FustionAuth support multi-region active-active set-up for cloud services?
-
RE: 3rd Party Authentication
@it-contracts Can you please share the OAuth settings you have for your application? In the Fusion Auth Admin UI select
Applications
. Select Edit or view for your application. Share the OAuth and JWT settings. Be sure to remove any sensitive information before posting here. -
RE: Add User to group not working
@sandesh Thanks for sharing her on the forum. Hope you are able to accomplish your end goal with the APIs.
-
RE: 3rd Party Authentication
@it-contracts, which license did you purchase? If you selected the Essentials Plan you should have access to the Account Portal and may receive support directly through email if this is time sensitive.
Latest posts made by mark.robustelli
-
RE: MFA Authentication for the API Connector User
@hanumant-sidraya Can you please clear up a few things.
It sounds like you have customers that have their own IdP. When you say "the customer has exposed the API for authentication.", what does that mean. They have an API that can confirm their identity?
If you have the APIs and authentication working with the customer's IdP, have you tried enabling the Two Factor Authentication for the user? Go to your user details screen in FusionAuth and then click 'Enable Two Factor' from the dropdown in the upper right hand corner?
For more details, you can refer to the Two Factor API documentation and the Enable Multi-Factor Authentication API documentation.
-
RE: Username as the LoginID for forgot password workflow
@david-4 You should have have any problem using the loginId. As far as searching the custom attribute data, you should be able to using the APIs if needed. Check out how to search user data attribute here.
-
RE: Upgrading from 1.46.0 to 1.47.1 CSRF token issue with IdP
@tvdlooy Could you try to remove the identity provider login and then add it back? You should not need to, but if that works it could let us know that something else got messed up.
-
RE: NextJS + custom backend (NestJS)
@kasir-barati It depends on what you are trying to do. If you are trying to authenticate a user for your application and the login flow that redirects to FusionAuth and returns to your application works, then you would not need the APIs. Even if you need to customize the JWT, I would look into lambdas for that.
-
RE: Angular and .NET - totally confused
@alan-rutter So, what is the purpose of the .Net backend API? Is it just to do some checks? It seems like you want your user to be authenticated in the Angular app. Is that not the case? In the scenario above, I'm not sure you need the .Net backend to be authenticated.
-
RE: Using TwoFactorLogin and expose TwoFactorId
@didier I'm not 100% sure what you mean by "expose twoFactorId in frontend part". I'm assuming you mean give the user a way to input the code. So yes, you will have to allow them a method to input their code and then complete the login. Please see here for more information.
-
RE: 431 Request Header Fields Too Large error (almost 100 fusionauth.known-device cookies)
@05-years_tourer So there is no configuration value but you can check out this and see if there is a strategy that will work for you.
Device Limiting with FusionAuth. -
RE: Multi tenants for one application
OR, perhaps a new concept is needed in FusionAuth -- "Organizations" if you will -- that allows for granting users with different permission sets inside the same Application.
You should feel free to open up a feature request here.
-
RE: 431 Request Header Fields Too Large error (almost 100 fusionauth.known-device cookies)
@05-years_tourer have you tried to clear you cache and try again?
-
RE: Fusion Auth integration with Azure AD Saml the saml response returns user id as the nameid instead of the user email
@mr-sahand Have you considered using a lambda to populate the info as you want it?
SAML v2 Populate Lambda (https://fusionauth.io/docs/extend/code/lambdas/samlv2-response-populate)