Our HA cloud offerings, outlined on fusionauth.io/pricing are aimed at the following use cases:

Large production needs Reliability required Higher monthly active users

Development doesn't typically fall into any of these :).

With HA you get an SLA, a custom URL (auth.example.com instead of example.fusionauth.io) and an architecture capable of handling more users.

You might want a custom URL to test your DNS/cookie config. Or you might want to load test (please don't load test with a basic cloud deployment, it won't tell you anything about production performanc).

If you want to derisk this early, in both these cases, we recommend standing up a temporary HA instance, applying your configuration, testing, and then tearing down the HA instance.

https://github.com/FusionAuth/fusionauth-issues/issues/1394 - logged for feature tracking. Feel free to add your own comments or observations as you see fit

That looks like you haven't applied the migrations needed. Per the release notes, that upgrade will require database migrations: https://fusionauth.io/docs/v1/tech/release-notes/

As a reminder, you can have fusionauth do the database migrations, but only if you are in development mode (check fusionauth.properties). If you are in production mode, you'll have to apply the migrations yourself, as outlined here: https://fusionauth.io/docs/v1/tech/installation-guide/upgrade/#database

Yes, you can search for users who are set to

"active" : false

just like any other user

The user can be retrieved but will have a status of {"user" : { "active" : false } }
The user cannot be updated but will instead have this error return

{ "fieldErrors": { "userId": [ { "code": "[inactive]userId", "message": "The User with Id [00000000-0000-0000-0000-000000000007] is inactive and cannot be updated until it is reactivated." } ] } }

Yes, this is the functional equivalent in the UI.

Soft delete is the preferred method.

Hi @ivona, thank you for writing in!

Can you let me know of any output in the error event log for both OAuth and apple config? This may help to troubleshoot this issue.

In the meantime, please feel free to take a look at some of our similar, Apple-related posts on our forum. Here are a couple of posts that may prove useful:

https://fusionauth.io/community/forum/topic/752/not-able-to-login-with-apple-id/6
https://fusionauth.io/community/forum/topic/752/not-able-to-login-with-apple-id

In the meantime I will dig further into this issue on my end and see if I can reproduce it.

Talk soon,

Akira

@elliotdickison said in Awkward OAuth logout in mobile app:

@maciej-wisniowski We ended up going with your solution and it's working alright, thanks for that!

@robotdan One suggestion for you all: I found the naming of the "AllApplications" value for the application.oauthConfiguration.logoutBehavior setting a bit confusing. As far as I can tell all the "AllApplications" value it really means is "show the OAuth2 logout page". That page can be used to log out of all apps (that's the default template behavior), but it doesn't have to be used that way. Per the suggestion from @maciej-wisniowski we are using the page to log the user out of only one app and show a "successfully logged out" message. Maybe to avoid a breaking API change the value "OneApplication" could be added in addition to "AllApplications" and "RedirectOnly". That value could use the same OAuth 2 logout template but maybe set a variable that could be used to conditionally turn off the logout-of-all-apps behavior. Just a thought.

Thanks for the suggestion @elliotdickison - please do open a GH issue with this suggestion and how you'd like the logout to behave in your use case.

Nope, at this time it is all configured at the tenant, via the UI or API.

If you have specific needs, please file a github issue outlining your use case: https://github.com/fusionauth/fusionauth-issues/issues

@saleenajohn49 said in Clicked the regenerate key button on the reactor page:

A nuclear reactor produces and controls the release of energy from splitting the atoms of certain elements. In a nuclear power reactor, the energy released is used as heat to make steam to generate electricity. (In a research reactor the main purpose is to utilise the actual neutrons produced in the core. In most naval reactors, steam drives a turbine directly for propulsion.

Ha ha.. yep, that is pretty much how the FusionAuth Reactor works too. 😆

I think you missed to put FusionAuth Tenant ID.

In my case, I create a file called appConfig.json :

e89f0007-0a18-41d8-b184-5e820eafa09e-image.png

The file contains :

FusionAuth URL (where you deploy your FusionAuth app such as https://login.mywebsite.com) FusionAuth Tenant ID FusionAuth App ID FusionAuth Client Key

Afterwards, I create a new instance of FusionAuth like this (in another file):

d60fe095-14be-4a7e-85fb-44b49a68c462-image.png

I pass FusionAuth Tenant ID here as a parameter.

Hence, I can fire a login function like below :
a4eed8ff-1441-4f15-9a93-9123603c36c7-image.png

@aman

Glad, you got it working!

Remember that CORS is a powerful tool. It's best to keep it enabled, once you nail down your configuration.

Thanks,
Josh

The timeout is already really high (10 seconds). I can see in the logs of my webhook that I get a timeout in the api call to FusionAuth. It feels like a race condition.

Hi @jeff-lawry,

I might need some more context to better assist. Can you confirm:

What are you trying to accomplish? How/Who are you integrating with? What errors are you seeing (if any)? "SP that has required setting for IdP Cert" -> can you elaborate a bit on this and offer more context? Are you looking to set up FusionAuth as a SAML SP or a SAML IdP? Based on your question, it sounds like the latter, but want to confirm. "Also SP is looking for PrototypeName sent by FusionAuth" can you provide a bit more context here. I am not familiar with this property. Which configuration screens are you interacting with (if any) within FusionAuth Admin UI that you have questions about? Have you consulted any documentation from FusionAuth? If so, which pages? (so that I can better assist...).

Please let us know some additional details and we will do our best to assist.

Thanks,
Josh

@pmolaro

I think I understand now.

If you imported a few users, they should be given the option via UI to have the verification email sent to them again (if you are using the OAuth flows/hosted pages)

If you are not using the OAuth flows in Fusionauth (this seems to be true, based on what you said), then I think that you would need to offer the user the ability to now verify through this API
https://fusionauth.io/docs/v1/tech/apis/users/#resend-verification-email, which will return a verificationId

Also, there is a tutorial for email verification (the gating part is a paid feature) and we are developing one (very similar) for application registrations as well (the gating part is a paid feature).
https://fusionauth.io/docs/v1/tech/tutorials/gate-accounts-until-verified/

Let me know if that more gets at your question.

Thanks,
Josh

The team wrote a tutorial outlining how to rotate keys, including signing keys: https://fusionauth.io/docs/v1/tech/tutorials/key-rotation/

Hiya.

You can see the elasticsearch query if you expand advanced in the UI.

Because of the way that we tokenize the search string, it is likely that a query like user@example.com will match more than just the user with the email address you are entering.

If you want to match only the email address in the UI, the easiest way to do it is to preface the query with email:. So email:user@example.com.

Hope that helps.