-
## Creating a new tenant copies the connector policy of the default tenant
### Description
If you create a new tenant via the admin UI, the connector policy of the default tenant is copied, wha…
-
## Invalidating sessions on a per application basis
### Problem
We don’t have a great way to invalidate other sessions right now. For example, if a user wants peace of mind by logging out all ot…
-
## Ability to remove PII from api (/oauth2/userinfo, /api/user)
### Problem
At the moment, Fusion Auth leaks a lot of personal data into tokens and on endpoints that may not be relevant to the cal…
-
## A JWT configured to be signed using the `ES512` algorithm may have an invalid signature
### Description
It is possible that when using the `ES512` algorithm to sign a JWT, the signature may n…
-
## Missing out id from user on importUsers results in internal server error
### Description
doing a POST on /api/user/import with a user that doesn't have an id specified results in internal exce…
-
## Add additional CSRF protection when FusionAuth is functioning as a SAML IdP #2611
### Description
If a SAML state contains an unregistered redirect URI in its `acs` value, override it with the …
-
## (Put bug title here)
### Description
`passwordValidationRules` not available when redirecting a user to change their password (after a successful login typically). This was available as a var…
-
## Mask potentially sensitive values when writing to the audit log in the admin UI
### Description
Ensure we are masking or removing sensitive information when writing to the audit log.
### Re…
-
NOTE: this issue tracks the discussion around the decision to even do this. This is _not_ the implementation issue.
## Situation
The FusionAuth React SDK has a `FusionAuthProvider` component that is…
-
Re-work the HTTPS code.
### Related
- https://github.com/FusionAuth/fusionauth-issues/issues/2614
- https://github.com/FusionAuth/fusionauth-issues/issues/2498