Hi @yukeng_wu,

Have you had a chance to review our k8's guide? This might be a good starting place for troubleshooting, etc.

https://fusionauth.io/docs/v1/tech/installation-guide/kubernetes/fusionauth-deployment/

Thanks,
Josh

@oleksiikraieviy

The forum is a great place to get unstuck and ask questions - so thanks for the feedback! The scenarios you have listed here could have a number of different implementation considerations depending on context.

One place to start looking would be our documentation.

We have documentation around MFA below:

https://fusionauth.io/docs/v1/tech/account-management/two-factor-sms/

As well as documentation around passwordless below:

https://fusionauth.io/docs/v1/tech/guides/passwordless/

Finally, we have documentation around messengers below:

https://fusionauth.io/docs/v1/tech/messengers/

Some of the flows you describe should technically be possible, but would likely require custom integration code on your end.

user can reset password using SMS.
Third one is passwordless auth using only phone with SMS code.

For instance, as far as I am aware, these are not natively built into FusionAuth. This would be a custom integration.

Generic messengers are very extensible and can integrate in a number of ways with the right integration/glue code.

I hope this helps!

Thanks,
Josh

@simo-adonis This is not possible with FusionAuth currently.

Here's the tracking issue: https://github.com/fusionauth/fusionauth-issues/issues/1

@jojo-serquina Thanks!

For any future readers, you can see the state of this feature request here: https://github.com/FusionAuth/fusionauth-issues/issues/1536

@dan That will work just fine. With that I'll actually just make a quick service that takes in the arguments to adjust and it generate that json for me. Thanks!

Just because it would align with all my other triggered processes, I'll actually make it as a postgres function so I can call it with my graphql api via hasura. This will actually work very well.

@faisal-jamil

FusionAuth, as you can see, doesn't like to be run without being assured TLS is involved. That is what the warnings are about. It relies on the X-Forwarded-Proto to be assured that TLS is involved.

It looks like you have this:

User -> (TLS) -> Internet -> (TLS) -> NLB -> (HTTP) -> Ingress -> (HTTP) -> FusionAuth

Which seems like a fine architecture (because from the NLB to FusionAuth is presumably a private, secure network, so TLS is not needed). The question is, how do you tell FusionAuth that things are okay? That's why I suggested trying to set the header.

I do not know how to modify X-Forwarded-Proto to https, without terminating at the Ingress controller.

I also do not know how to do this. I suggest reviewing the AWS documentation and/or contacting AWS support.

If you have a FusionAuth edition including support, you can also file a support ticket and the engineering team will take a look. (If you do that, please reference this forum post.)

@aperkins look in your oauth config for the app, inside FA, or the tenant config.

The redirect url is set there. Also , your app may be supplying a url as the redirect with that URL and it is not matching what's configured as the allowed redirect URLs in FA.

@fedir-sinchuk,

I am not very familiar with terraform myself. Have you resolved this issue or can you provide any more context feedback about what you are attempting to accomplish and any additional errors you are seeing?

Thanks,
Josh

@melichpelegri I'm not sure what you mean by silent refresh. Can you explain?

@matt-1

I will let my colleagues and community teammates chime in, having not written an Azure integration into FusionAuth as of yet. However, here is my two cents:

If FusionAuth is the source of record, you will want to review the documentation that Azure AD provides and see if you can call into FusionAuth via OAuth2 or SAML or JWT from them.

Googling azure storage blob authentication via jwt token returns many promising possibilities that look relevant.

Another wrinkle is that you are likely asking for a permissions-based model below:

Azure Storage Blog (or some intermediary) authenticates backs to FusionAuth to check whether the user is authorized for the piece of content or not.

This might require you to handroll your own solution or explore others that are prebuilt. Roles and groups are one area in FusionAuth that you could use to assign some level of access to your users. With some integration code, you could help your application determine what storage they should have access to.

https://fusionauth.io/docs/v1/tech/apis/groups/ https://fusionauth.io/docs/v1/tech/core-concepts/roles/#overview

I hope this helps and will post back if anything additional occurs to me.

Thanks
Josh

@erick

Apologies for the delay. I was not able to test the andriod portion of this very well on my Mac. Is this still an open issue for you?

Thanks,
Josh

Hi @ravikiran-sattigeri,

All applications can be retrieved via this API -

https://fusionauth.io/docs/v1/tech/apis/applications/#retrieve-an-application

The roles should be attached to the returned object under a roles array.

If you could provide some additional context around what you are attempting to accomplish, we may be able to provide additional feedback.

If you have a support contract, please file a ticket via your Zendesk or Slack channels for additional questions. Thanks!

Thanks,
Josh
FusionAuth