Spencer Witt issues

Results 20 issues of


                                            Spencer Witt

Document using Android phone as roaming Authenticator

An Android phone can be connected via Bluetooth and used as a WebAuthn authenticator, but there may be some extra setup required depending on the user's preferred browser and operating...

documentation

Support FusionAuth CLI with Restish

## Support FusionAuth CLI with Restish ### Problem [Restish](https://rest.sh/#/) is a CLI for interacting with REST APIs. It provides API configuration and profiles for different use cases along with streamlined...

enhancement

client-library

Allow idp_hint parameter during an IdP-initiated SAML login

## Allow idp_hint parameter during an IdP-initiated SAML login ### Problem The `/samlv2/login` endpoint allows specifying the `idp_hint` parameter to automatically forward the user to an external IdP. The `/samlv2/initiate-login`...

enhancement

saml

Potential email enumeration via new "Confirmation required" page

## Potential email enumeration via new _Confirmation required_ page ### Description FusionAuth introduced a new _Confirmation required_ themed page in version 1.49.0. There is the potential to enumerate email addresses...

bug

security

Support refreshing an access token with narrower scope

## Support refreshing an access token with narrower scope ### Problem When using a refresh token to request a new access token, FusionAuth responds with an `invalid_scope` OAuth error if...

enhancement

openid-connect

Investigate Client Authentication for the Device Authorize Endpoint

## Investigate Client Authentication for the Device Authorize Endpoint ### Description [RFC 8628 Section 3.1](https://datatracker.ietf.org/doc/html/rfc8628#section-3.1) on the Device Authorize endpoint states that > The client authentication requirements of Section 3.2.1...

[Bug]: Hosted backend does not support second-level domains

### What happened? ## Problem FusionAuth's [hosted backend API](https://fusionauth.io/docs/apis/hosted-backend) creates cookies on the broadest domain that is not a top-level domain. This causes issues for second-level domains such as `.co.uk`...

bug

[Bug]: Attempting to sort API keys by key value produces error in admin UI

### What happened? Clicking the column header to sort API keys by the key value in the admin UI produces a 500 server error. ![image](https://github.com/FusionAuth/fusionauth-issues/assets/3409780/3d5f2d7d-bc71-4af0-9bc5-eeeaa156bd6e) ![image](https://github.com/FusionAuth/fusionauth-issues/assets/3409780/7cd6011e-d3a6-4f60-9629-fbda593c81eb) Clicking the header should...

bug

Sample email/theme templates missing `postMethod` variables

## Email templates The sample email templates provided in FusionAuth's [Email Variables](https://fusionauth.io/docs/v1/tech/email-templates/templates-replacement-variables#passwordless-login) documentation do not contain the `postMethod` query string parameters. These parameters are used in emailed links to prevent...

bug

Review search API criteria sort options

## Review search API criteria sort options ### Description Some API search criteria do not provide an unambiguous ordering by default. If data must be paginated for the response, this...

bug