One recommendation is to use the User Search API to gather all users for a specific Application

For example,

curl --request POST \ --url https://local.fusionauth.io/api/user/search \ --header 'Authorization: <YOUR_API_KEY>' \ --header 'Content-Type: application/json' \ --data '{ "search": { "numberOfResults": 50, "query": "{\"bool\":{\"must\":[{\"nested\":{\"path\":\"registrations\",\"query\":{\"bool\":{\"must\":[{\"match\":{\"registrations.applicationId\":\"<YOUR_APPLICATION_UUID>\"}}]}}}}]}}", "startRow": 0 } }'

Returns all the users that belong to a applciation Id using the query parameter. More information can be found in our documentation below.

https://fusionauth.io/docs/v1/tech/apis/users/#elasticsearch-search-engine

Accessing the Admin UI > Users > Search Box > Advanced > Show ElasticSearch Query Can also reveal prebuilt queries that you can run against users via API (move the toggles to observe how the query will change over time).

@abhishek

You are correct, right now there is no way to get a group name in a JWT in a straightforward manner. This is an open issue: https://github.com/FusionAuth/fusionauth-issues/issues/229 but this will most likely be resolved when https://github.com/FusionAuth/fusionauth-issues/issues/267 gets delivered (no firm timeline on that, sorry).

Options:

you could put the group name in the user.data field and put it into the JWT using a JWT populate lamba. If you are moving users in and out of groups regularly, this could be scripted, but may be a bit of a maintenance issue. assign users to a group in FusionAuth. Assign that group a role with the same name. Then you'll have access to the role in the populate JWT lambda. This seems the most straightforward to me. Note that a user only gets a role assigned to a group in FusionAuth if the user is registered for the application and is a member of a group with a role for that application.

Update: Turns out that the fusionauth/fusionauth-client libary does not seem to have support for specifying a tenantId field.

I rewrote my backend to use PHP's native cURL implementation and am back in business.

@johnmiller I do not believe that is supported. We only support text and HTML templates, not attachments.

You could include a link in your template to the file. Perhaps that will solve your problem.

If it doesn't, please add a feature request detailing your use case: https://github.com/fusionauth/fusionauth-issues/issues

@jan-meznik If there are other headers you need to set that are not supported, please file a github issue with the details: https://github.com/fusionauth/fusionauth-issues/issues

Hi @joshua,

Thank you for your reply! I will reach out to sales@fusionauth.io for additional assistance.

@nicholas-tsaoucis

Glad you figured this out!

Thanks,
Josh
FusionAuth

You should be able to return the two factor JSON as documented in the user response object. Have you tried doing that?

user.twoFactor.methods[x].authenticator.algorithm and others.

@minhngocnguyenduy Glad you found a solution!

@hanumant-sidraya

Do you mean you want to deactivate all users who were authenticating with a given connector? This is not a typical use case, so you'll need to write some code to do this.

If so, then I'd script the removal of the connector and at the same time mark all users associated with that connector as inactive (or you could hard delete them if you want).

The connectorId is not one of the searchable attributes for users, so the easiest way to do this would be to have your custom connector set an attribute on the user.data field, something like user.data.authDataSource = clientXYZ or similar.

Then you could query for all users with that user.data value and deactivate or delete them.

Hope that helps.

Thanks for sharing this! I'm glad you figured it out. I'll add a note to the sample application pointing to this forum post.

Hi both @aj-merts @wernervdwath

If I put this in my browser

http://savant.inversoft.org/com/mysql/mysql-connector-java/8.0.12/mysql-connector-java-8.0.12.jar

or

https://savant.inversoft.org/com/mysql/mysql-connector-java/8.0.12/mysql-connector-java-8.0.12.jar

I am able to download this jar.

Can you confirm this is still an active issue for you? If so, error logs or additional configuration info may be useful in debugging.

Thanks,
Josh

@patrick

Perfect 👌

@ali-sch

It is specified on the Connectors page that all connectors are a paid edition feature, but it should be clear on the pricing page as well.

Sorry about that oversight! We'll update the pricing page.

If you are interested in kicking the tires to see if connectors will solve your problem, please either contact us to chat with a sales rep, who can set you up with a trial, or sign up for a two week trial of developer edition on that pricing page. You'll have to provide a credit card, but can cancel any time in the first two weeks at no charge.

First, ensure your instance meets the requirements outlined here. In particular:

When using the Advanced Threat Detection feature, a minimum of 2GB of heap is required, and 3GB is recommended.

You also need to make sure the instance has outbound network access.

If this doesn't work, please open a support ticket.

@hanumant-sidraya

🎉 🙂

There is no built in support for this, but you may be able to modify your theme to allow for this functionality using javascript.

Here is a relatively simple example online - https://www.w3schools.com/howto/howto_js_toggle_password.asp - that should be helpful.

These are documented in here: https://fusionauth.io/docs/v1/tech/apis/users/#import-users

user.encryptionScheme is the field value to look for.

If you are using a custom password hasher, as outlined here: https://fusionauth.io/docs/v1/tech/plugins/custom-password-hashing/ you want to use the name that was used to bind the hashing class in the plugin module.

Currently the way you would do that is by using the short version in the custom field definition. This will be the programatic value that is persisted. For example:

US DE

Then in your message bundle (managed by the theme), you can translate those values into a more human readable option.

US=UNITED STATES DE=GERMANY

If we do not find a localized key, we will just use the key as the value which would then render as <option value="US">US</option>.

@rwheelerflemming

Please close this. I'm a moron and was using the Key ID instead actually clicking and revealing the Key Value.

Trust me when I say this - We have all been there RE: pebcak. 🙂

Glad you got it figured out!

Thanks,
Josh