@d-chinguun-0301 It doesn't look like you can pass dynamic custom parameters to a connector. It does seem you can configure custom HTTP headers though. If you only have a few applications for the user to log into, you could potentially set up different connectors, each with their own custom http headers.

Also, depending on what you are trying to accomplish, it may be possible to create a webhook that would respond to an event that could potentially tell an application where their most recent login came from.

@ehallpassofficial From what I can tell, you are right on with using the proxy as the way to go. I don't have specific experience with that so would love to hear from the community on theirs as well. I did find an open issue with this request and suggest you upvote it to give it some visibility.

@edschlough If you take a look at the example code from the webhook documentation, it shows how to return errors. Is this what you are after?

Yes, you can create a user without SMTP configured. In the Admin UI, disable the Send Setup Password option and set the password manually during user creation. If you’re using the API, set "sendSetPasswordEmail": false and include a "password" field in the user object.

Users API

During an upgrade, FusionAuth monitors your deployment, and if it becomes unresponsive for more than five minutes, the on-call engineer is alerted. A snapshot of the database is taken before the upgrade, so a rollback is possible, though it is manual and would result in data loss from the time of the upgrade to the rollback. Rollbacks are very rare and have only happened once in the past four years.

You can safely upgrade directly to 1.59, and many customers do skip versions. The upgrade process is straightforward: once started, the deployment status changes to Upgrading and returns to Active when complete. For production instances, downtime is minimal (typically seconds, if at all) because multi-node deployments use rolling upgrades. Most upgrades take under 20 minutes, though in rare cases they can take up to an hour.

FusionAuth never forces you to upgrade, but if you are running a very old version (1–2 years behind) and encounter issues, support may request that you upgrade before troubleshooting.

Upgrading a Deployment

We have an open issue to make passkeys one of the supported MFA methods.

But you can perform a step up passkey challenge using the APIs or the SDKs by doing the following:

User tries to access a restricted resource Customer app sees if the user has already been granted access (via the presence of a cookie, or some other mechanism). If they have, let them through. If the user hasn’t been granted access, perform a webauthn assertion workflow Call the /api/webauthn/start to get the workflow started Interact with the authenticator to produce the signature and whatever other information is needed. This is authenticator-specific. Call the /api/webauthn/assert to complete the workflow and prove possession of the authenticator If the workflow is successful Write a cookie or whatever if you want to remember this permission Let the user through If the workflow isn’t successful Deny access

If someone doesn't have a passkey enabled, which you can check by calling the /api/webauthn?userId={userId} API, direct them to the self-service account management passkey management pages.

Here are the API docs for the webauthn API.

@benlabbe2007 What version of FusionAuth are you running?

We had the same setup - needed phone verification without 2FA in FusionAuth. Ended up using webhooks to trigger an external service. I integrated with sms-verification-number.com via their API because I needed real SIM-based numbers, not VoIP. Chose a Polish operator for a local test, and the code arrived in about 50 seconds. If the SMS hadn’t come through, the system would’ve canceled and pulled a new number automatically - no charge. Since we’re testing across regions, being able to switch countries fast helped avoid delays.

Even though the FusionAuth event log source creation gets stuck and didn't complete. I did notice it made this registry key HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\FusionAuthApp

fa_event_registry.png

@atabakov Can you please share the settings for the application in that Admin UI? Please do not include any secrets.

As of 1.59.0 this is possible but it is slightly unintuitive how to do it. It’s entirely driven by the form being used. Here's how to do it:

create a new user admin form: https://fusionauth.io/docs/lifecycle/manage-users/admin-forms make sure you omit the 'password' field from the form assign the form to your tenant create a new user

You can also create a user directly via the API with no password.

Yes, I believe so.

It appears that connecting MitID to an application (also called an SP) requires utilizing an approved broker. A broker is essentially an OIDC connector.

Here is a list of official brokers: https://www.mitid.dk/en-gb/broker/current-brokers/.

We haven’t tested this, but based on reviewing Signicat’s OIDC documentation, the process seems fairly straightforward. They are one of the MitID brokers.

@francis-ducharme-0 You may have to parse the json returned from the get and modify a few things. Does the application get created but not work or does the application not get created? I would think you would need to take the relevant parts from the returned application then create the application under a new tenant? Remember you will have to use the new TenantId in the Request Header. If you are not supplying the TenantId, it will use the default.

On a side note: If you are still interested in a duplicate application across tenant feature in the API, you might want to put a request in.

@sergey_smirnov, it is awesome that you are able to follow and create steps to replicate the issue. To be 100% I'm not sure if this is a bug or a feature request. If FusionAuth is not behaving as you would like it, I would suggest opening an issue on Github. Be sure to include the details and repeatable steps.

Thanks for your answer. I got it.

You’ll need to disable or mock CAPTCHA in a test environment and adjust rate-limit settings in FusionAuth’s config or use test API keys to avoid hitting production limits during automated runs.

@mark-robustelli Thanks for your reply, Mark. If I manage to make it, I’d love to show you how I made it and what it looks like.

@lambert-torres You can get support for FusionAuth. Please see the pricing page if you are interested. I'm not sure if this is your exact situation, but you might want to look at this blog post as well.

@witard91335 Interesting, how do you see the flow working? What kind of tags are you trying to track though FusionAuth?

Hi @mark-robustelli, thanks for your reply. I need an API that logs out a user, but apparently that’s not possible. Is there any way or approach to log someone out.