Heya, I work for FusionAuth and it seems like it might be a good option for you to evaluate. We've had customers who've looked at Auth0 and Okta (the two 800lb gorillas in the space) and have chosen FusionAuth for cost, flexibility and developer ergonomics reasons.
Happy to answer any questions if you are still in the evaluation phase.
You should be able to decode the token and see what the `exp` value is. If the `exp` value is less than the current time (in seconds) since the Unix epoch, the JWT is no longer valid.
You can also post to the `introspect` endpoint and see if the token is valid: https://fusionauth.io/docs/v1/tech/oauth/endpoints#introspect
Hard to know exactly what to suggest without more details of your setup. Are you using OAuth? Have you set up a logout URL? Is the link in your in-app browser pointing to the logout endpoint? https://fusionauth.io/docs/v1/tech/oauth/endpoints#logout
If you want to use PKCE, you can. As mentioned here: https://fusionauth.io/docs/v1/tech/oauth/#example-authorization-code-grant you should review the authorization and token endpoint docs for more details.
Will this apply to the guide that I was using previously? Because I only set up OAuth in applications in FusionAuth.
https://fusionauth.io/blog/2020/03/10/securely-implement-oauth-in-react
If I implemented this, how do I see how long the token will be valid? Do I still increase the valid time on the token like you mentioned earlier?
That is a setting in FusionAuth, either at the application or the tenant level. See `application.jwtConfiguration.timeToLiveInSeconds` here for more: https://fusionauth.io/docs/v1/tech/apis/applications
Here's how to customize the theme: https://fusionauth.io/docs/v1/tech/themes/
We take security very seriously at FA. Here's a page about that: https://fusionauth.io/features/security-data-compliance
It should be something similar to Facebook: you have to log in to be able to do any actions with your account. And if you're not logged in, you should actually not be able to do anything, since everything you do is account specific.
Is there any guide on how to implement OAuth and the authorization code grant?
It's OAuth2 you are referring to, right? And this guide: https://fusionauth.io/blog/2020/03/10/securely-implement-oauth-in-react is also OAuth2?
> Do you have any suggestions if it is smart to redirect the user to the fusionauth login page right away to login if they don’t have a session token?
What can they do in your app if they aren't logged in? If there are valid anonymous use cases, then I'd allow those.
For mobile apps I'd suggest OAuth and the authorization code grant. However you don't have to do the authorization code grant, you could also do the resource owner password credentials grant. Here are three articles to help you choose: https://fusionauth.io/learn/expert-advice/authentication/login-authentication-workflows#native-mobile-application-authentication
That's awesome, although there are a few more identity providers that are missing in the list. All in all, it's a great list :) Recently, I have heard some news about LoginRadius: they have introduced support for EU GDPR compliance with a consent management feature https://www.loginradius.com/blog/2020/05/consent-management/ which is really awesome!