Hi @egis!

Welcome to the FusionAuth community! Let me see if I can get you pointed in the right direction!

API

I would suggest reviewing our Users API which allows for a flow similar to what you are describing (if I understand you correctly).

https://fusionauth.io/docs/v1/tech/apis/users/#create-a-user

Request Body sendSetPasswordEmail [Boolean] OPTIONAL Defaults to false Indicates to FusionAuth to send the User an email asking them to set their password. The Email Template that is used is configured in the System Configuration setting for Set Password Email Template. If you set this value to true the password field is then ignored, FusionAuth will set the initial password to a securely generated random string. If you have also enabled email verification and do not select to skip verification using the skipVerification parameter, only the setup password email will be sent to the user. Setting up the password using the email sent during this user create operation will implicitly verify the User’s email if it is not already verified. If the SMTP email configuration is not complete, or disabled, this value is ignored. Via UI

Once a user has been added by an admin via the UI, there is an option to send a
toggle to “Send email to setup password." which would reproduce the functionality described above.

Email templates

Remember to select a template in Applications via UI
setup-password-template.png

Roadmap

Is there a chance that this https://github.com/FusionAuth/fusionauth-issues/issues/743#issuecomment-664365516 will be implemented?

While this issue is documented, it not on our short-term road map at this time.

Please review our roadmap guidelines

I hope this helps on your way!

Thanks,
Josh

Referencing/linking below for future guidance for folks who view this post:

https://fusionauth.io/community/forum/topic/900/authentication-for-an-application-with-web-client-and-mobile-front-ends

@mehamm

I am working on a multi tenant guide. Thank you very much for your feedback; I'll make sure to include it.

As you continue to build out your multi tenant application, please continue to post on the forum about your progress and/or any other questions. 🙂

We often hear our multi tenant support is a differentiator for FusionAuth, and would love to make it easy/clearer for everyone.

Both the API and the UI can pull User Data.

Via API

Docs are here:

https://fusionauth.io/docs/v1/tech/apis/users/#search-for-users https://fusionauth.io/docs/v1/tech/apis/users/#elasticsearch-search-engine

Via UI

The functionality is nested under the user tab on the upper left nav.

From there click on the advanced button. From there you can enter your query in the search bar. Note: If you want to see how the query is constructed, there is also a toggle - Show Elasticsearch Query https://fusionauth.io/docs/v1/tech/core-concepts/users/#user-search can guide you through a simple user query.

@cyrill-lippuner PR here: https://github.com/FusionAuth/fusionauth-site/pull/544

Thanks for the feedback!

How would I do this kind of search for users within a Postgresql database, I'm not using ElasticSearch.

Sorry, you cannot.

Unfortunately you can't search beyond fuzzy matching on the parameters listed in the database search documentation. If you have advanced search needs, we recommend running elasticsearch, which is extremely powerful and flexible.

Here's a tutorial on switching search engines: https://fusionauth.io/docs/v1/tech/tutorials/switch-search-engines/

No, Kickstart must be run on a pristine system. Please feel free to file an issue suggesting that functionality, though: https://github.com/fusionauth/fusionauth-issues/issues.

Yes.

The only thing you can't create via the API is another API key. You can track that functionality on this issue.

See the tenant documentation for more.

FYI a lot more FusionAuth Cloud details are available in the cloud installation guide.

FYI a lot more FusionAuth Cloud details are available in the cloud installation guide.

Darn API key permissions!!

shaking-fist.png

Thanks for trying out FusionAuth. The account management is mostly self service. If you log into your FusionAuth account you will find your deployment under the Deployments section.

https://account.fusionauth.io/

You should see an action on the deployment table to Destroy the deployment. This action will delete your FusionAuth Cloud instance and pro-rate a refund back to credit card.

If you are using Elasticsearch yes..

If you want to search for a username in a particular registration (for a particular application)

{ "bool" : { "must" : [ { "bool" : { "must" : [ { "nested" : { "path" : "registrations", "query" : { "bool" : { "must" : [ { "match" : { "registrations.applicationId" : "3c219e58-ed0e-4b18-ad48-f4f92793ae32" } }, { "match" : { "registrations.username" : "bob" } } ] } } } } ] } } ] } }

Where the value for registrations.applicationId is the Id of your application and the username you are looking for is bob.

If you only wanted to search for a user with a username of bob you could just search on registrations.username:bob - but this would not limit the search to any particular application registration.

Yeah, that was it... I guess it was already late 😉

Two issues with the code snippet that are worth exploring:

hardDelete is supposed to be a query param

Delete requests should not have body in the request.

Find out more in the documentation for the User API

the difference between a JWT/access token and a refresh token is that a refresh token can be revoked. Every time you present it to the Identity Provider/OAuth server, the OAuth server can check to see if the user has been banned, signed out or otherwise invalidated that token. (You can revoke a JWT, but it's a pain, typically.)

A refresh token is an engineering tradeoff. Without refresh tokens, you would have two unappetizing alternatives:

an access token that lived for a long time. In this case, if the access token is stolen, the attacker has a lot of time to access systems (or you need to have some kind of access token revocation strategy, which degrades the value of stateless access tokens). requiring the user to sign in every time the token expires. That gets old if the lifetime of the access token is minutes or hours. I even get annoyed every time Google asks me to re-sign into gmail, which only happens every week or two.

The spec requires a client to explicitly request a refresh token. With FusionAuth you have to request the offline_access scope (which is common for other auth providers, but I wasn't able to find it in the RFC), so it's a way to offer more flexibility.

Hi @lucas-loreggia,

Unfortunately, this is not yet an option within FusionAuth but there is an open issue! See current discussion under issue 91. Please note, that the issue does document a workaround, using the API.

I should also point out, while not specifically the use case you are asking for here, we do have the ability to form roles, as mentioned at the bottom of the issues post.

I hope this helps!
Josh

There's additional localization and internationalization doc that was written recently here: https://fusionauth.io/docs/v1/tech/core-concepts/localization-and-internationalization/

There's additional localization and internationalization doc that was written recently here: https://fusionauth.io/docs/v1/tech/core-concepts/localization-and-internationalization/