A couple of options:

You could optionally configure a different template for each tenant so you could hard code the correct URL in each template.

You could also add the correct URL to the tenant.data and then pull it out in the template during render so you could use the same template across tenants.

If the state parameter is working well for you for other APIs, you could open a feature request in GH to add this to the API in question.

You're getting an error during Tomcat startup while trying to bind 9011. FusionAuth will bind 9011 by default, so if you have anything else listening on that port startup will fail.

You can shut down anything else using that port, or change the default port FusionAuth is using so that you don't conflict with other valid services on the system.

See the config reference for changing the ports. ( FUSIONAUTH_APP_HTTP_PORT )
https://fusionauth.io/docs/v1/tech/reference/configuration/

❗ Move slowly - make sure to fully decouple production and dev instances. Some pointers or guideposts--

Assuming you're running on your own infrastructure.

Clone the production FusionAuth DB Point a new dev installation to it Caveats: If you have webhooks enabled that may start making requests out to prod infrastructure from a new “dev” instance. If you do have webhooks, you could start it up air-gapped and then disable everything that could contact an external system before you enable outbound traffic. As long as the dev instances are the same version or greater it should work. You wouldn’t be able to attach the db to an instance running an older version than the schema.

@vignesh,

There are a lot of potential issues that could be at play. Any additional information about your configuration/error logs might be helpful. Also, have you reviewed our documentation here regarding passwordless?

Also, as a quick take, you could install something like Mailcatcher to further check to see if the mails are even being sent.

Thanks,
Josh

Referencing/linking updated conversation here:
https://fusionauth.io/community/forum/topic/973/fusion-auth-upgrade-failing-user-registration?_=1619623366378

Hi @erikh!

Welcome to the FusionAuth Community!

I might need more details, as I have only a functional familiarity with Docker and container orchestration. As I understand it, NTP is a service that can be added to your container. But like I said, I might need more context to fully understand your issue. A quick look through the Dockerfile and docker-compose does not show any timeserver options being enabled.

Any other details about what you have tried, potential pitfalls that you are seeing, or errors may be useful.

I am also posting here (perhaps perfunctorily), the available documentation on FusionAuth for docker installation:
https://fusionauth.io/docs/v1/tech/installation-guide/docker/

The repo supporting FusionAuth containers is here:
https://github.com/FusionAuth/fusionauth-containers

The docker files are here as well:
https://github.com/FusionAuth/fusionauth-containers/blob/master/docker/fusionauth/

Thanks and let us know. Happy to assist you in resolution as able.

Thanks!
Josh

Hi @mayank!

Apologies that you are having difficulty with this upgrade!

Do you have any more details on the types of errors you are receiving? Any errors logged to the event log or system log would be helpful in troubleshooting this as well. Can you provide the full endpoint that you are attempting to hit? Any other details about your setup would be helpful in diagnosing.

Thanks for the input and look forward to hearing more soon.

Thanks,
Josh

Hi @vaibhav!

Yes, this should be possible. The short answer is that you will want to review our documentation found below:

https://fusionauth.io/docs/v1/tech/themes/
https://fusionauth.io/docs/v1/tech/guides/passwordless/

Another user, borograd, had a related post here as well:
https://fusionauth.io/community/forum/topic/899/any-simple-was-of-doing-apple-google-only-login/3?_=1619622757240

I hope this helps!

Thanks,
Josh

You can use the user.create or the user.registration.create webhook to do something like this.

If you enable these webhooks and configure the transaction to require the webhook to succeed, then you simply need to return a non-200 status code from the webhook to cause FusionAuth to fail this create.

https://fusionauth.io/docs/v1/tech/events-webhooks/#tenant-settings
https://fusionauth.io/docs/v1/tech/events-webhooks/events/#user-create
https://fusionauth.io/docs/v1/tech/events-webhooks/events/#user-registration-create

Updated the JWT populate lambda doc to make it clear that headers aren't modifiable at the present time: https://fusionauth.io/docs/v1/tech/lambdas/jwt-populate/

The way to do this is to use the user.data or registration.data objects as a transfer mechanism.

If you are using OIDC (SAML is much the same, but I'll use OIDC as an example), you can create a OIDC Reconcile Lambda. It might look like this:

// Using the JWT returned from UserInfo, reconcile the User and User Registration. function reconcile(user, registration, jwt) { user.data.favoriteColor = jwt.favoriteColor; }

So the jwt in this case is that returned from the OIDC identity provider. We store the data in user.data.

Now we need to pull it off of the user.data object using a JWT populate lambda. That might look a little something like this:

// Using the user and registration parameters add additional values to the jwt object. function populate(jwt, user, registration) { jwt.favoriteColor = user.data.favoriteColor; }

favoriteColor is now available as a claim in the JWT produced by FusionAuth.

Don't forget to assign your lambdas to the correct operations. The OIDC Identity provider needs to be configured with the reconcile lambda. The application's JWT tab is the right place to configure the use of the JWT populate lambda.

More information on all the lambda options available here: https://fusionauth.io/docs/v1/tech/lambdas/

You can modify your edition by:

Going to account.fusionauth.io Logging in Going to the edition tab Changing the edition from enterprise to a different one Save your change.

No, FusionAuth doesn't support adding JWT headers to FusionAuth generated JWTs. I looked at the code and don't think it'd be a ton of work to add support; there's already some scaffolding in the fusionauth-jwt OSS project.

I highly encourage anyone with this problem to file a feature request here with more details about your needs: https://github.com/fusionauth/fusionauth-issues/issues

We consult that in our roadmap planning. We also offer professional services if you need us to build it on a schedule. Please send a request to our sales department if that is an option you'd like to pursue.

An alternative would be to build a service that would re-sign your JWTs from FusionAuth with the needed header changes. Not optimal, I understand, but another avenue that might get you what you need.

If no email address is available, we fail and say we need an email address.

You’ll find your license Id on your account portal. Once you have that value, you can paste it into the FusionAuth instance to activate the license.

You should find your license on your account page, which you can log into here: https://account.fusionauth.io/

Here is a guide on activating your license: https://fusionauth.io/docs/v1/tech/reactor/

@joseantonio Glad to hear it!

FusionAuth does not support mapping these URLs, you may be able to accomplish that through CloudFront or some other proxy configuration.

We'd recommend a redirect.

@richard-allwood

Based on your feedback (among others) I created a 'jobs' category here: https://fusionauth.io/community/forum/category/7/jobs

Feel free to post your sample app project to see if anyone in the community can help.