When creating an external JWT provider in FusionAuth, there is a need to set managed domains. When a new user is coming to my app, how can I know his domain? Is there a possibility to set that all domains are accepted? Wildcards and an empty list do not work.
1 Answer
FusionAuth does not support a use case where you do not know ahead of time what email domain the user may be coming from. In order to validate the token signature from the 3rd party you will need to configure a public key, certificate or HMAC secret in FusionAuth such that we can validate the token.
A typical use case would be that you have a 3rd party that has employees that want to log into your application using their own IdP. In this case, let's say the company is Acme, Co, and each employee has an email domain of @acme.com. In this case FusionAuth needs the certificate or public key used by Acme, Co in order to verify the token sent to the Identity Provider Login API.
If you have a scenario where you do not know the origin of the incoming token, then FusionAuth also will not know how to verify the token signature.
I would need some additional context of your use case to see if it would be possible in FusionAuth.
