Is there a way to get all locked users from fusionauth using the javascript client or by direct REST call? As far as I can see one can get that info only for concrete user and not for all available users.
Related
We use XERO to authenticate and sign in to our app on firebase, however, we dont want a user to connect with multiple organisations, we just want a user to sign in and choose a single organisation.
If we remove all tenant connections from our app once a user have finished signing in, this will solve our problem, and we already do this upon logout for the same reason.
I just wanted to find out, is there any implications of doing this ? Will our logged in user still be able to make api calls and get new access tokens ?
I could not find any info of this in the XERO docs.
Thanks
The list of connected tenants represents the orgs the user has authorized your app to interact with their Xero data on their behalf. Deleting the connections by making a DELETE call to the connections endpoint with a specified connection ID will effectively un-authorize your app to interact with that orgs Xero data until the user reauthorizes your app to do so.
So, the shorter answer is - no, you won't be able to make api calls after disconnecting.
What I think you are after is limiting the XeroAPI access_token to only be able to write to a single org at a time. This can be achieved through your UX by simply deleting all connections if they try to go through your authorize flow a second time.
That way you are limiting their API connection to a single org, and if they want to change the org they are connecting to they can use your UI to disconnect/reconnect to another one.
XeroAPI Documentation
https://developer.xero.com/documentation/oauth2/auth-flow
Removing connections
If you would like to remove an individual tenant connection from your app (e.g. a user wants to disconnect one of their orgs) you can make a DELETE request on the Connections endpoint:
DELETE https://api.xero.com/connections/{connectionId}
We are using azure ad for authentication for our application and dealing with token expiration of Azure Ad.
We need to fetch the list of users who are currently working (logged in ) into the application.
And the list of users signed out(logged off) from the application.
Its like to track the online and offline users on our application.
which Microsoft graph API we need to use . I went thru the Microsoft documentation but couldn't find the API for this use case.
Please share some code or the way I can achieve without storing user session in my db.
I'm sorry to tell you there is no such graph api command as far as I'm aware. like you said the only way to reliably do it is storing user session information on your own.
the only other thing that I can think of that you could do is try to extrapolate login information from azure audit logs, get get an approximation. you can get a list of sign-ins as per this graph endpoint. https://learn.microsoft.com/en-us/graph/api/signin-list?view=graph-rest-1.0&tabs=http
There is also the endpoint auditLogs/directoryAudits as per here https://learn.microsoft.com/en-us/azure/active-directory-b2c/view-audit-logs
that may show some information about the id tokens being issued.
other than those 2 options, I don't believe there is any better way at the moment.
After discussion with Microsoft team, We get the input that they don't have any graph api to fetch the active /logged in user list on hosted application.
But we can trace the audit logs api which will help us to get the list of users logged in at certain time. But that list is also not a real time it may have delay of 5 to 10 minutes.
We are going with manually handle the user session details.
pasting below audit log api for reference :
https://learn.microsoft.com/en-us/graph/api/signin-list?view=graph-rest-1.0&tabs=http
https://learn.microsoft.com/en-us/graph/api/signin-get?view=graph-rest-1.0&tabs=http
I am using external LDAP service to define Camunda Groups, Users and User Group memberships.
I can see the Groups and Users from LDAP in the Admin UI very well.
I can also use Authorisations for example to provide or revoke read access to my deployment.
But no matter what I do, any application user can see complete list of the currently running [CMMN] tasks in the /tasks REST endpoint.
I am taking an LDAP user that is a member of 2 groups.
Neither the user, nor any of his groups have any Authorizations set up in Camunda, except for ACCESS to an application (I restrict to 'cockpit' only).
Still, when I login with that user the GET /tasks lists complete list of all currently running tasks.
My test user cannot see any data /process-instance (even though there are some running), but at the same moment it can see all process instance variables via /variable-instace.
What's the purpose of restricting /process-instance without restricting /variable-instance ?
What am I missing here? Can access to the /tasks and /variable-instance be restricted?
Can the reason be that the User Tasks that I try to restrict access to had been generated by a CMMN process?
Update
Yes, my unprivileged user can see all CMMN tasks but no BPMN tasks.
So the authorization is working but it doesn't cover CMMN :(
According to this (Closed) feature request:
https://app.camunda.com/jira/browse/CAM-5875
The CMMN is 100% Enterprise version feature available since version 7.6 (I am on 7.7)
According to this (Open) feature request:
https://app.camunda.com/jira/browse/CAM-6754
The CMMN Tasks are not yet covered by the authorisation even in the enterprise version.
:(
I'm connected to an API that provides information about cars based on their registration. According to the docs the api can provide both user specific data and general data about the registration supplied.
I am using the connection method which does require specific users data, and therefore does not require me to gain access to any specific users account.
On my end users will visit my application and enter a registration number which I will use to call the API and return all of the information about the car.
Am I right in my thinking that my application is essentially the 'user' as far as the api is concerned, and I will only need to use one access token. I can then use this access token to make multiple API calls (one for each user that searches on my application)?
Or will i need to set up an access token for each user that visits my application and treat them separately.
Only your application making the API requests requires a token, unless the licence agreement/documentation of this car API says otherwise.
As far as your users are concerned, your application is just magically sourcing the registration info from its database.
I'm current developing web-app that allows a user to associate their account with their Facebook account.
I have no trouble getting the users Facebook id/session_key and extended permissions.
What I am having trouble is caching the users data in a single call.
Their documentation for User.getInfo allows multiple uid's to be passed to the API and the basic info returned but I need additional details but it doesn't state mulltiple sessions_keys are allowed.
Is there an alternative or will I just have to take the multiple web request hit?
I tried to use the Batch.run for Facebook but it turns out you cannot pass commands that require different sessions keys.
So I have to take the multiple hits.