I don't believe there's any way to find the expiry of a changePasswordId.

You could:

keep track of it yourself, since you know when you started the flow and you know how long the id is good for (it is in the tenant settings, I believe). build your own request password flow and just use this call: https://fusionauth.io/docs/v1/tech/apis/users#change-a-users-password with the loginId and an API key just try to change it and if you get a 404, redisplay the reset password flow. This is the default option.

Fix is live: https://github.com/FusionAuth/fusionauth-site/pull/147

I searched the fusionauth issues list and only came up with one issue mentioning RADIUS, but it may be worth reading if you haven't already. https://github.com/FusionAuth/fusionauth-issues/issues/219

Thanks for reporting, we have recreated the issue. It will be tracked and solved under this issue. https://github.com/FusionAuth/fusionauth-issues/issues/749

Ok thanks for info. Maybe include that somewhere in the documentation?

Hi David,

It sounds like you're looking for a way to pass the timezone of the user into the passwordless call so it is available in the email template. I agree that the current timezone is more useful than the possibly stale value in the user profile.

I don't know of any way to do this currently. So my suggestion would be to file a feature request: https://github.com/fusionauth/fusionauth-issues

@civaxox259
you fix you problem on `https://libroslara.com/libros/
becouse i donde see any problem on tha page

@bboure You may be interested in this new feature from the 1.17.0 release, which allows for a sliding window of refresh tokens:

Sliding Window Refresh Token Expiration. By default the expiration of a refresh token is calculated from the time it was originally issued. Beginning in this release you may optionally configure the refresh token expiration to be based upon a sliding window. A sliding window expiration means that the expiration is calculated from the last time the refresh token was used. This expiration policy means that if you are using refresh tokens to maintain a user session, the session can be maintained as long as the user remains active. This expiration policy must be enabled at the tenant level, and may optionally be overridden by the Application JWT configuration.

Symmetric keys are not returned on the JWKS endpoint, as they don't have a public key. Per the docs this api:

returns public keys generated by FusionAuth, used to cryptographically verify JWTs using the JSON Web Key format

If you create an RSA or EC key which is an asymmetric key pair - the public key will be returned on the JWKS endpoint. If you don’t have any key pairs configured , it will be empty. Out of the box, you’ll only have one HMAC key which we don’t publish in JWKS.

Can you use an include for the function body? For example: (where myLambda.ftl is your Lambda function in a folder named lambdas)

"lambda":{ "body": "@{lambdas/myLambda.ftl}", }

That should preserve your line returns if you include it that way. Hope that helps!

ah, thanks for explaining.

I can't see any way to do this. The behavior of these grants are outlined in the RFC, so are pretty limited in flexibility. It looks like auth0 allows something similar to this, so I'm guessing it's not against the spec.

I looked through some code and didn't find support for that. Can you please file an feature request outlining your use case? https://github.com/fusionauth/fusionauth-issues

Hi @peter-babinec ,

Thanks for looking at the existing issues. I'd say that #178 is close too. Here's our general statement on our roadmap.

Based on the number of votes that these issues have, we can't commit to a near term solution for you.

Your options:

engage us via a professional services agreement to build this feature out. We're happy to give quotes after discussing requirements. build out a custom login interface using the login API, which will let you control the UI/UX entirely.

Regarding your second suggestion:

Also it would be nice to provide "more options" button on the login screen for accessing other login methods (e.g. using email and password) even though the user is configured to login via specific IdP.

Please file a feature request, as I don't think that use case is covered by any existing request.

Hope this helps.

Thanks! I appreciate it.

I will keep track using the link, and i'll thumbs up the issues.

Ah, great. So unfortunately, since this feature request is open, the functionality hasn't been built yet, but is on the roadmap. Here are your options to influence the roadmap:

https://fusionauth.io/community/forum/topic/172/the-fusionauth-roadmap

If you'd like APIs to automatically log to the audit log, without additional calls to the Audit Log API, please vote for this issue: https://github.com/FusionAuth/fusionauth-issues/issues/507

I think you want skipVerification set to true.

From the docs:

Whether or not email verification should be skipped or not. In some cases, you might want to verify User’s emails and in other cases you won’t. This flag controls that behavior.

I'd start at https://www.elastic.co/guide/en/elasticsearch/reference/current/index.html and read the reference documentation.

HTH.

Hmmm.

Here's an issue tracking digitalocean database issues--some managed databases don't work right now: https://github.com/FusionAuth/fusionauth-issues/issues/95

The number of open connections should be around 10. I believe that is per fusionauth instance.

What were the specs you were seeing the issues with?

what version of fusionauth how many pods running it what version of postgres what size were the pods (in terms of memory and CPU) what are the replication steps to trigger the negative performance impacts

We've seen FusionAuth (the application) run in 64M of RAM. You can specify the maximum amount of memory used in the configuration file or via environment args. More here: https://fusionauth.io/docs/v1/tech/reference/configuration

Note that if you don't need advanced search functionality, you can use the database search engine and avoid running elasticsearch: https://fusionauth.io/docs/v1/tech/tutorials/switch-search-engines talks about how to switch between them. That may eliminate some of the memory pressure if you were running elastic.

There are many using FusionAuth in this manner, we don't currently offer any specific documentation on integrating with API Gateways.

I would love to have this documentation at some point, however as far as I know most if not all of the options I've seen have a fairly standard integration using a JWT.

Once you know what the Gateway such as Kong is looking for in the JWT to perform authorization you can use the JWT populate lambda to ensure the JWT has everything you need.

https://fusionauth.io/docs/v1/tech/lambdas/jwt-populate
https://fusionauth.io/docs/v1/tech/oauth/tokens

Hope that helps!