BTW I have successfully implemented Facebook social login using Complete Facebook Login api which is actually the same endpoint/api as of Complete google login but with a different identity provider value. It's quite a weird behavior that that api is working with facebook but not with google. 😞

Could you guys please take a look over it? Or I am missing something in case of google login if it needs some configuration.

The doc should be updated now, @sh

Sorry about that!

Fixed the problem on my own, for everyone running into this problem too. Check your redirect uri in config.js and your fusionauth dashboard.

In my case I got redirected to:

http://login.ruffyg.de/oauth-callback?...........

but of course it has to redirect to my express server which is on port 9000 so:

http://login.ruffyg.de:9000/oauth-callback?...........

@dan Sorry I didn't get a notification that you'd replied, so my apologies that I didn't see that sooner. I'll try moving to the latest version to see if that helps before reporting back.

When I changed the user's password manually in FA (change on next login was still enabled), it then allowed the password to be changed properly via the API without any Trust Token.

@agbichpuriya

The private RSA key should not be present in your JWT. The public key should not be present either, but a kid should be present in the header identifying the public/private keypair that was used to sign the JWT.

Please share a sample JWT with this issue.

@sswami Thanks!

Please file a feature request here: https://github.com/fusionauth/fusionauth-issues/issues outlining your use case. We love community feature requests and weigh community support (in terms of upvotes) when considering future work.

Here's our general roadmap guidance: https://fusionauth.io/docs/v1/tech/core-concepts/roadmap

@owen-melbourne If you are using FusionAuth Cloud and see this, please open a support ticket.

@johnanisere

I'm not quite sure what you are asking for. Are you using FusionAuth hosted login pages? If so, the 'sign in/sign up with google' button should be present for any FusionAuth application you've configured it for.

If you are not, you are responsible for starting off the sign in/sign up process on your own and then calling the 'complete login' API as documented here: https://fusionauth.io/docs/v1/tech/apis/identity-providers/google#complete-the-google-login

Which approach are you taking?

@dan yes seems it is still not working ... Thank you

No. Our cloud is a fully managed system, so you shouldn't care about the underlying technology.

It isn't built with Kubernetes so when we launch a deployment in it, it's constructed using a different approach.

If you want to run FusionAuth with kubernetes, that is supported, but you must self-host. More details here: https://fusionauth.io/docs/v1/tech/installation-guide/kubernetes/

@pyroseza

So it sounds like you're trying to figure out a way to know when FusionAuth has completed startup.

The webhook is one way to do that. As you said, you can set up a kickstart event webhook within a kickstart file.

Another way is to poll for a known value, such as a non-default tenant that you know your setup has added. That may be a simpler solution for you.

Either way, you'll have to write some code to kick off the testing once you receive a signal that FusionAuth is ready.

I personally would have preferred if there was an API endpoint I could query is to whether or not the kickstart has completed successfully, but instead we were given a webhook and I'm not quite sure how I should be using it.

You'll need to write a webhook receiver that will kick off your tests (or whatever the next step of your testing setup is). I'm not quite sure how do that in one github action, but it should be pretty easy to split up a github action into two actions, a setup one (where you set everything up, including FusionAuth) and a test action (which you kick off in response to the FusionAuth webhook firing).

I think you'd want the workflow_call event: https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#workflow_call

@dan

I actually got the issue resolved, I had the PKCE configured as "Not Required". After I changed that to "Required" the flow worked as expected.

Thanks.

@gokul-mahajan20 I think you can find examples here: https://github.com/FusionAuth/fusionauth-jwt/#sign-and-encode-a-jwt-using-hmac

@lambert-torres I'd recommend using a webhook, probably this one: https://fusionauth.io/docs/v1/tech/events-webhooks/events/user-registration-create-complete and then in the webhook receiver, calling the API to add them to a group.

There is no built in support for this functionality.

@flaviofdiez

Thanks for sharing your thoughts.

If you want to mark a user inactive, you can do a soft delete on that user: https://fusionauth.io/docs/v1/tech/apis/users#delete-a-user

Then you can re-activate them: https://fusionauth.io/docs/v1/tech/apis/users#reactivate-a-user

I'm not sure what you mean by expired? That seems like a construct you are creating yourself?

If you want to apply a time based attribute to a user, you could use user actions: https://fusionauth.io/docs/v1/tech/apis/actioning-users which let you apply an action to a user, which can be for a limited period of time or forever (until you remove it). There's some support in the admin UI for applying user actions.

HTH.