I can confirm it works properly in the latest version. Thank you very much for the quick help!
M
Best posts made by maciej.wisniowski
-
RE: Google Identity Provider and missing_redirect_uriposted in Q&A
-
RE: How do you assign a theme to an application?posted in Q&A
@fred-fred You can customize the templates (eg macro body in helpers.ftl) in your theme like this:
[#if application?? && application.name?? && application.name == "MyApp1"] this is myapp 1 login screen [#elseif application?? && application.name?? && application.name == "FusionAuth"] this is FusionAuth login screen [#else] this is something else [/#if] -
RE: fusioAuth install is damaged?posted in General Discussion
@richb201 with docker you can use environment variables to configure FA: https://fusionauth.io/docs/v1/tech/reference/configuration/
For example (from docker-compose config):
FUSIONAUTH_APP_RUNTIME-MODE: development
FUSIONAUTH_APP_SILENT-MODE: "true" -
RE: How to set SMTP server configuration from docker-composeposted in Comments & Feedback
I don't think this is possible with environment variables as SMTP configuration is managed per tenant. You can use kickstart to configure it, eg.:
{ "method": "PATCH", "url": "/api/tenant/#{your_tenant_id}", "body": { "tenant": { "name": "My Tenant name", "issuer": "example.com", "themeId": "#{my_theme_uid}", "emailConfiguration": { "defaultFromEmail": "no-reply@example.com", "defaultFromName": "Blah", "host": "mailhog", "password": "", "port": "1025", "security": "TLS", "username": "", "forgotPasswordEmailTemplateId": "#{forgot_password_email_id}" } } } }, -
RE: fusioAuth install is damaged?posted in General Discussion
Ah.. seems I've made a typo, please try with all underscores in FUSIONAUTH_APP_SILENT_MODE (instead of FUSIONAUTH_APP_SILENT-MODE).
-
RE: FusionAuth in a cluster and separate user sessions for each nodeposted in Q&A
Answering to myself, as I've found the information regarding this issue in the docs. Seems "sticky sessions" is the way to go.
https://fusionauth.io/docs/v1/tech/installation-guide/server-layout
"In this scenario FusionAuth should be placed behind a load balancer to utilize both services equally. Session pinning should be utilized to support stateful sessions to FusionAuth"
-
RE: Using custom parameters with login pageposted in General Discussion
Answering to myself. Seems I can do the following:
[#if request.getParameter('custom_parameter')??] [#global custom_parameter = request.getParameter('custom_parameter')?string /] [@helpers.hidden name="custom_parameter" /] [/#if] </form>which just passes the parameter in the input field making it available after the form submit
-
FusionAuth in a cluster and separate user sessions for each nodeposted in Q&A
Hello
My setup consists of 3 virtual machines running database, FusionAuth & elasticsearch in a clusters plus a load balancer:
- vm1: PostgreSQL DB (shared)
- vm2: FusionAuth node1 + Elasticsearch node 1
- vm3: FusionAuth node2 + Elasticsearch node 2
- LoadBalancer
The problem is that every few requests I'm logged out of the FA management panel. It seems to happen when the load balancer directs the request to the FusionAuth node different than the one used for the previous requests. I can see that JSESSIONID cookie gets changed when I'm logged out. Turns out FusionAuth instances are not sharing the user session, is this correct?
The quick fix is to make the load balancer use "sticky sessions" but I wonder if this is the correct way to resolve this. Maybe I have something wrong with the FA configuration?
-
RE: User Rolesposted in Q&A
Hi,
If you have any other user account that has an admin role with the FusionAuth application then use this account to set the 'admin' role for your user (as the error message says).
If there is no other useable admin account then seems something is screwed up (wondering how it is possible). You might try the API to update the registration for your user.
If you don't have proper credentials for the API then I would try connecting directly to the database to find out if it is possible to add the role for the user there.
-
RE: Clarification of some confusionsposted in Q&A
Regarding the SPA and proper authentication flow, there are some more things to consider. First, if your SPA is served from the domain that is different from your backend's domain (eg. using Vercel to host SPA frontend) then you'll have issues with cookies between different domains. Another thing is security, specifically CSRF. You'll possibly have to implement some CSRF tokens to handle this. There is a lot of information regarding these topics on the Internet but still it doesn't seem to be very easy to implement. The first link I've found on the topic: https://ideneal.medium.com/securing-authentication-in-a-spa-using-jwt-token-the-coolest-way-ab883bc372b6.
Would be great if FusionAuth docs can also describe these issues (different domains, CSRF).Because of that it is worth considering if some other flow isn't better - AuthorizationCode + PKCE that doesn't touch the backend at all (no cookies, no CSRF issues, but you have to be careful with XSS). I've implemented a proof of concept React application that uses https://github.com/IdentityModel/oidc-client-js and slightly modified react-oidc (that is a react wrapper to oidce-client-js), and it seems to work nicely with FA for me.
-
RE: Fusion Auth w/ Vitess DBposted in Q&A
@psmiddy I've never heard about vitess but seems that your DATABASE_URL should point to vitess-test-8_0 not to localhost. Also, I think the port number can be just 33807 as it should be available internally in docker (ports: directive just publishes specific ports to localhost, eg. if you need to connect to docker from your desktop). Try:
DATABASE_URL: jdbc:mysql://vitess-test-8_0:33807/fusionauth