FusionAuth.Applications (FusionAuth v0.3.0)

The FusionAuth.Applications module provides access methods to the FusionAuth Applications API.

All methods require a Tesla Client struct created with FusionAuth.client(base_url, api_key, tenant_id).

Application Fields

  • id :: String.t()

    The Id of the Application.

  • active :: boolean()

    Whether or not the Application is active.

  • authenticationTokenConfiguration :: map()

    • enabled :: boolean() Whether or not Users can have Authentication Tokens associated with this Application.
  • cleanSpeakConfiguration :: map()

    • applicationIds :: list() An array of UUIDs that map to the CleanSpeak applications for this Application.
    • enabled :: boolean() True if CleanSpeak integration is enabled. This setting is global and is not modifiable using this API.
    • usernameModeration :: map()
      • applicationId :: String.t() The Id of the CleanSpeak application that usernames are sent to for moderation.
      • enabled :: boolean() True if CleanSpeak username moderation is enabled.
  • data :: map()

    An object that can hold any information about the Application that should be persisted.

  • jwtConfiguration :: map()

    • accessTokenKeyId :: String.t() The Id of the signing key used to sign the access token.
    • enabled :: boolean() Indicates if this application is using the JWT configuration defined here or the global JWT configuration defined by the System Configuration.
    • idTokenKeyId :: String.t() The Id of the signing key used to sign the Id token.
    • refreshTokenTimeToLiveInMinutes :: integer() The length of time in minutes the JWT refresh token will live before it is expired and is not able to be exchanged for a JWT.
    • timeToLiveInSeconds :: integer() The length of time in seconds the JWT will live before it is expired and no longer valid.
  • lambdaConfiguration :: map()

    • accessTokenPopulateId :: String.t() The Id of the Lambda that will be invoked when an access token is generated for this application. This will be utilized during OAuth2 and OpenID Connect authentication requests as well as when an access token is generated for the Login API.
    • idTokenPopulateId :: String.t() The Id of the Lambda that will be invoked when an Id token is generated for this application during an OpenID Connect authentication request.
    • samlv2PopulateId :: String.t() The Id of the Lambda that will be invoked when a SAML response is generated during a SAML authentication request.
  • loginConfiguration :: map()

    • allowTokenRefresh :: boolean() Indicates if a JWT may be refreshed using a Refresh Token for this application. This configuration is separate from issuing new Refresh Tokens which is controlled by the generateRefreshTokens parameter.
    • generateRefreshTokens :: boolean() Indicates if a Refresh Token should be issued from the Login API.
    • requireAuthentication :: boolean() Indicates if the Login API should require an API key. If you set this value to false and your FusionAuth API is on a public network, anyone may attempt to use the Login API.
  • name :: String.t()

    The name of the Application.

  • oauthConfiguration :: map()

    • authorizedOriginURLs :: list() An array of URLs that are the authorized origins for FusionAuth OAuth.
    • authorizedRedirectURLs :: list() An array of URLs that are the authorized redirect URLs for FusionAuth OAuth.
    • clientId :: String.t() The OAuth client Id of the Application.
    • clientSecret :: String.t() The OAuth client secret.
    • deviceVerificationURL :: String.t() The device verification URL to be used with the Device Code grant type.
    • enabledGrants :: list() The enabled grants for this application. Supported values include: authorization_code, implicit, password, refresh_token, device_code
    • generateRefreshTokens :: boolean() Determines if the OAuth 2.0 Token endpoint will generate a refresh token when the offline_access scope is requested.
    • logoutBehavior :: String.t() Behavior when /oauth2/logout is called. Valid values: RedirectOnly, AllApplications
    • logoutURL :: String.t() The logout URL for the Application. FusionAuth will redirect to this URL after the user logs out of OAuth.
    • requireClientAuthentication :: boolean() Determines if the OAuth 2.0 Token endpoint requires client authentication. If this is enabled, the client must provide client credentials when using the Token endpoint.
  • passwordlessConfiguration :: map()

    • enabled :: boolean() Determines if passwordless login is enabled for this application.
  • registrationConfiguration :: map()

    • birthDate :: map()
      • enabled :: boolean() Determines if the birthDate field will be included on the registration form.
      • required :: boolean() Determines if the birthDate field is required when displayed on the registration form.
    • confirmPassword :: boolean() Determines if the password should be confirmed during self service registration; this means that the user will be required to type the password twice.
    • enabled :: boolean() Determines if self service registration is enabled for this application. When this value is false, you may still use the Registration API; this only affects whether the self service option is available during the OAuth 2.0 login.
    • firstName :: map()
      • enabled :: boolean() Determines if the firstName field will be included on the registration form.
      • required :: boolean() Determines if the firstName field is required when displayed on the registration form.
    • fullName :: map()
      • enabled :: boolean() Determines if the fullName field will be included on the registration form.
      • required :: boolean() Determines if the fullName field is required when displayed on the registration form.
    • lastName :: map()
      • enabled :: boolean() Determines if the lastName field will be included on the registration form.
      • required :: boolean() Determines if the lastName field is required when displayed on the registration form.
    • loginIdType :: String.t() The unique login Id that will be collected during registration; this value can be email or username. Leaving the default value of email is preferred because an email address is globally unique.
    • middleName :: map()
      • enabled :: boolean() Determines if the middleName field will be included on the registration form.
      • required :: boolean() Determines if the middleName field is required when displayed on the registration form.
    • mobilePhone :: map()
      • enabled :: boolean() Determines if the mobilePhone field will be included on the registration form.
      • required :: boolean() Determines if the mobilePhone field is required when displayed on the registration form.
  • registrationDeletePolicy :: map()

    • unverified :: map()
      • enabled :: boolean() Indicates that users without a verified registration for this application will have their registration permanently deleted after application.registrationDeletePolicy.unverified.numberOfDaysToRetain days.
      • numberOfDaysToRetain :: integer() The number of days from registration a user’s registration will be retained before being deleted for not completing registration verification. Value must be greater than 0.
  • roles :: list()

    An array of Role objects

  • samlv2Configuration :: map()

    • audience :: String.t() The audience for the SAML response sent back to the service provider from FusionAuth. Some service providers require different audience values than the issuer and this configuration option lets you change the audience in the response.
    • callbackURL :: String.t() The URL of the callback (sometimes called the Assertion Consumer Service or ACS). This is where FusionAuth sends the browser after the user logs in via SAML.
    • debug :: boolean() Whether or not FusionAuth will log SAML debug messages to the event log. This is useful for debugging purposes.
    • enabled :: boolean() Whether or not the SAML IdP for this Application is enabled.
    • issuer :: String.t() The issuer that identifies the service provider and allows FusionAuth to load the correct Application and SAML configuration.
    • keyId :: String.t() The id of the Key used to sign the SAML response.
    • logoutURL :: String.t() The URL that the browser is taken to after the user logs out of the SAML service provider.
    • xmlSignatureC14nMethod :: String.t() The XML signature canonicalization method used when digesting and signing the SAML response.
  • verificationEmailTemplateId :: String.t()

    The Id of the Email Template that is used to send the Registration Verification emails to users.

  • verifyRegistration :: boolean()

    Whether or not registrations to this Application may be verified.

Role Fields

  • id :: String.t()

    The Id of the Role.

  • description :: String.t()

    A description for the role.

  • name :: String.t()

    The name of the role.

  • isDefault :: boolean()

    Whether or not the Role is a default role. A default role is automatically assigned to a user during registration if no roles are provided.

  • isSuperRole :: boolean()

    Whether or not the Role is considered to be a super user role. This is a marker to indicate that it supersedes all other roles. FusionAuth will attempt to enforce this contract when using the web UI; it is not enforced programmatically when using the API.

Examples

iex> client = FusionAuth.client("http://localhost:9011", "sQ9wwELaI0whHQqyQUxAJmZvVzZqUL-hpfmAmPgbIu8", "6b40f9d6-cfd8-4312-bff8-b082ad45e93c")
iex> FusionAuth.Applications.get_application(client, "8e0c9833-2e6b-4b1c-9665-4c1af7b4f00a")
{:ok,
  %{
    "application" => %{
      "active" => true,
      "authenticationTokenConfiguration" => %{"enabled" => false},
      "id" => "8e0c9833-2e6b-4b1c-9665-4c1af7b4f00a",
      "jwtConfiguration" => %{
        "enabled" => false,
        "refreshTokenExpirationPolicy" => "Fixed",
        "refreshTokenTimeToLiveInMinutes" => 0,
        "refreshTokenUsagePolicy" => "Reusable",
        "timeToLiveInSeconds" => 0
      },
      "lambdaConfiguration" => %{},
      "loginConfiguration" => %{
        "allowTokenRefresh" => false,
        "generateRefreshTokens" => false,
        "requireAuthentication" => true
      },
      "name" => "Test Application",
      "oauthConfiguration" => %{
        "clientId" => "8e0c9833-2e6b-4b1c-9665-4c1af7b4f00a",
        "clientSecret" => "6Gu2kpFxGN8YF9ztwjDdWy6pRTlsapgnWvIyIEzmGM1",
        "generateRefreshTokens" => false,
        "logoutBehavior" => "AllApplications",
        "requireClientAuthentication" => true
      },
      "passwordlessConfiguration" => %{"enabled" => false},
      "registrationConfiguration" => %{
        "birthDate" => %{"enabled" => false, "required" => false},
        "confirmPassword" => false,
        "enabled" => false,
        "firstName" => %{"enabled" => false, "required" => false},
        "fullName" => %{"enabled" => false, "required" => false},
        "lastName" => %{"enabled" => false, "required" => false},
        "loginIdType" => "email",
        "middleName" => %{"enabled" => false, "required" => false},
        "mobilePhone" => %{"enabled" => false, "required" => false}
      },
      "registrationDeletePolicy" => %{
        "unverified" => %{"enabled" => false, "numberOfDaysToRetain" => 0}
      },
      "roles" => [
        %{
          "id" => "54d363df-373b-4bca-b478-941fcdacb3d0",
          "isDefault" => false,
          "isSuperRole" => false,
          "name" => "Test Role"
        }
      ],
      "samlv2Configuration" => %{
        "debug" => false,
        "enabled" => false,
        "xmlSignatureC14nMethod" => "exclusive_with_comments"
      },
      "tenantId" => "6b40f9d6-cfd8-4312-bff8-b082ad45e93c",
      "verifyRegistration" => false
    }
  },
  %Tesla.Env{...}
}

iex> client = FusionAuth.client("http://localhost:9011", "sQ9wwELaI0whHQqyQUxAJmZvVzZqUL-hpfmAmPgbIu8", "6b40f9d6-cfd8-4312-bff8-b082ad45e93c")
iex> FusionAuth.Applications.update_role(client, "8e0c9833-2e6b-4b1c-9665-4c1af7b4f00a", "54d363df-373b-4bca-b478-941fcdacb3d0", %{isSuperRole: true})
{:ok,
  %{
    "role" => %{
      "id" => "54d363df-373b-4bca-b478-941fcdacb3d0",
      "isDefault" => false,
      "isSuperRole" => true,
      "name" => "Test Role"
    }
  },
  %Tesla.Env{...}
}
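
An added example, not part of the FusionAuth library: a small audit over the string-keyed "application" map that get_application returns, flagging the settings described under Application Fields and Role Fields that weaken authentication, and redacting clientSecret before the map is logged. The ApplicationAudit module, the choice of implicit and password as flagged grants, and the sample map are assumptions of this example.

```elixir
defmodule ApplicationAudit do
  # Grants this example reports for review; the list is a policy assumption
  # of the example, not something the FusionAuth API defines.
  @flagged_grants ["implicit", "password"]

  # Replace the OAuth client secret so the map can be logged or attached to a ticket.
  def redact(%{"oauthConfiguration" => %{"clientSecret" => _}} = app),
    do: put_in(app, ["oauthConfiguration", "clientSecret"], "[REDACTED]")

  def redact(app), do: app

  # Return a list of findings (strings) for one decoded "application" map.
  def findings(app) do
    oauth = app["oauthConfiguration"] || %{}
    saml = app["samlv2Configuration"] || %{}

    checks = [
      {get_in(app, ["loginConfiguration", "requireAuthentication"]) == false,
       "loginConfiguration.requireAuthentication is false: the Login API does not require an API key"},
      {oauth["requireClientAuthentication"] == false,
       "oauthConfiguration.requireClientAuthentication is false: the Token endpoint does not require client credentials"},
      {saml["enabled"] == true and saml["debug"] == true,
       "samlv2Configuration.debug is true: SAML debug messages are written to the event log"}
    ]

    # Keep only the messages whose condition evaluated to true.
    flags = for {true, message} <- checks, do: message

    grants =
      for grant <- oauth["enabledGrants"] || [],
          grant in @flagged_grants,
          do: "oauthConfiguration.enabledGrants includes #{grant}"

    # A default role is assigned at registration when no roles are provided, so a
    # role that is also a super role is handed to every such registration.
    roles =
      for %{"isDefault" => true, "isSuperRole" => true} = role <- app["roles"] || [],
          do: "role #{inspect(role["name"])} is both isDefault and isSuperRole"

    flags ++ grants ++ roles
  end
end

# Constructed sample, shaped like the "application" value in a get_application response.
sample = %{
  "name" => "Test Application",
  "loginConfiguration" => %{"requireAuthentication" => false},
  "oauthConfiguration" => %{
    "clientSecret" => "constructed-not-a-real-secret",
    "enabledGrants" => ["authorization_code", "implicit"],
    "requireClientAuthentication" => true
  },
  "roles" => [%{"name" => "admin", "isDefault" => true, "isSuperRole" => true}],
  "samlv2Configuration" => %{"debug" => false, "enabled" => false}
}

IO.inspect(ApplicationAudit.redact(sample), label: "safe to log")
Enum.each(ApplicationAudit.findings(sample), &IO.puts/1)
```

To audit a live application, pass the map found under "application" in the {:ok, body, env} result shown in the iex output above.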

Summary

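Functions

create_application(client, application)

Create a new application. You must specify an application name.

create_role(client, application_id, role)

Create a new role for a given application by the application's ID. You must specify a role name.

delete_application(client, application_id, parameters \\ [])

Deactivate or delete an application by the application's ID. Soft deleted Applications are marked as inactive but not deleted from FusionAuth.

delete_role_by_id(client, application_id, role_id)

Delete a role for an application by the application & role IDs.

delete_role_by_name(client, application_id, name)

Delete a role for an application by the application ID & role name.

get_application(client, application_id)

Get an application by the application's ID.

get_oauth_configuration(client, application_id)

Get an application's OAuth configuration by the application's ID.

list_applications(client, parameters \\ [])

List all active or inactive applications.

reactivate_application(client, application_id)

Reactivate an inactive application by the application's ID.

update_application(client, application_id, application)

Update an application by the application's ID.

update_role(client, application_id, role_id, role)

Update a role for an application by the application & role IDs.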

Types

Specs

application() :: %{
  id: String.t(),
  active: boolean(),
  authentication_token_configuration: %{enabled: boolean()},
  clean_speak_configuration: clean_speak_configuration(),
  data: map(),
  jwt_configuration: jwt_configuration(),
  lambda_configuration: lambda_configuration(),
  login_configuration: login_configuration(),
  name: String.t(),
  oauth_configuration: oauth_configuration(),
  password_configuration: %{enabled: boolean()},
  registration_configuration: registration_configuration(),
  registration_delete_policy: registration_delete_policy(),
  roles: [role()],
  saml_v2_configuration: saml_v2_configuration(),
  verification_email_template_id: String.t(),
  verify_registration: boolean()
}

Specs

application_id() :: String.t()

clean_speak_configuration()

Specs

clean_speak_configuration() :: %{
  application_ids: [String.t()],
  enabled: boolean(),
  username_moderation: %{application_id: String.t(), enabled: boolean()}
}

Specs

client() :: FusionAuth.client()

Specs

jwt_configuration() :: %{
  access_token_key_id: String.t(),
  enabled: boolean(),
  id_token_key_id: String.t(),
  refresh_token_time_to_live_in_minutes: integer(),
  time_to_live_in_seconds: integer()
}

lambda_configuration()

Specs

lambda_configuration() :: %{
  access_token_populate_id: String.t(),
  id_token_populate_id: String.t(),
  saml_v2_populate_id: String.t()
}

Specs

login_configuration() :: %{
  allow_token_refresh: boolean(),
  generate_refresh_tokens: boolean(),
  require_authentication: boolean()
}

Specs

name() :: String.t()

Specs

oauth_configuration() :: %{
  authorized_origin_urls: [String.t()],
  authorized_redirect_urls: [String.t()],
  client_id: String.t(),
  client_secret: String.t(),
  device_verification_url: String.t(),
  enabled_grants: [String.t()],
  generate_refresh_tokens: boolean(),
  logout_behavior: String.t(),
  require_client_authentication: boolean()
}

optional_registration_info()

Specs

optional_registration_info() :: %{enabled: boolean(), required: boolean()}

Specs

parameters() :: [{:key, boolean()}]

registration_configuration()

Specs

registration_configuration() :: %{
  birth_date: optional_registration_info(),
  confirm_password: boolean(),
  enabled: boolean(),
  first_name: optional_registration_info(),
  full_name: optional_registration_info(),
  last_name: optional_registration_info(),
  login_id_type: String.t(),
  middle_name: optional_registration_info(),
  mobile_phone: optional_registration_info()
}

registration_delete_policy()

Specs

registration_delete_policy() :: %{
  unverified: %{enabled: boolean(), number_of_days_to_retain: integer()}
}

Specs

role() :: %{
  id: String.t(),
  description: String.t(),
  name: String.t(),
  is_default: boolean(),
  is_super_role: boolean()
}

Specs

role_id() :: String.t()

saml_v2_configuration()

Specs

saml_v2_configuration() :: %{
  audience: String.t(),
  callback_url: String.t(),
  debug: boolean(),
  enabled: boolean(),
  issuer: String.t(),
  key_id: String.t(),
  logout_url: String.t(),
  xml_signature_c14n_method: String.t()
}

Functions

create_application(client, application)

Specs

create_application(client(), application()) :: FusionAuth.result()

Create a new application. You must specify an application name.

For more information visit the FusionAuth API Documentation for Create an Application

create_role(client, application_id, role)

Specs

create_role(client(), application_id(), role()) :: FusionAuth.result()

Create a new role for a given application by the application's ID. You must specify a role name.

For more information visit the FusionAuth API Documentation for Create an Application Role

delete_application(client, application_id, parameters \\ [])

Specs

delete_application(client(), application_id(), parameters()) ::
  FusionAuth.result()

Deactivate or delete an application by the application's ID. Soft deleted Applications are marked as inactive but not deleted from FusionAuth.

Parameters

  • hardDelete :: boolean() :: Optional :: Defaults to false

To permanently delete an application from FusionAuth, set this value to true. Once an application has been permanently deleted, the action cannot be undone. When this value is set to false, the application is marked as inactive. This action may be undone by reactivating the application.

For more information visit the FusionAuth API Documentation for Delete an Application

delete_role_by_id(client, application_id, role_id)

Specs

delete_role_by_id(client(), application_id(), role_id()) :: FusionAuth.result()

Delete a role for an application by the application & role IDs.

For more information visit the FusionAuth API Documentation for Delete an Application Role

delete_role_by_name(client, application_id, name)

Specs

delete_role_by_name(client(), application_id(), name()) :: FusionAuth.result()

Delete a role for an application by the application ID & role name.

For more information visit the FusionAuth API Documentation for Delete an Application Role

get_application(client, application_id)

Specs

get_application(client(), application_id()) :: FusionAuth.result()

Get an application by the application's ID.

For more information visit the FusionAuth API Documentation for Retrieve an Application

get_oauth_configuration(client, application_id)

Specs

get_oauth_configuration(client(), application_id()) :: FusionAuth.result()

Get an application's OAuth configuration by the application's ID.

For more information visit the FusionAuth API Documentation for Retrieve OAuth Configuration

list_applications(client, parameters \\ [])

Specs

list_applications(client(), parameters()) :: FusionAuth.result()

List all active or inactive applications.

Parameters

  • inactive :: boolean() :: Optional :: Defaults to false

Setting inactive to true will list all deactivated applications. If inactive is not set to true, all active applications are listed.

For more information visit the FusionAuth API Documentation for Retrieve an Application

reactivate_application(client, application_id)

Specs

reactivate_application(client(), application_id()) :: FusionAuth.result()

Reactivate an inactive application by the application's ID.

For more information visit the FusionAuth API Documentation for Reactivate an Application

update_application(client, application_id, application)

Specs

update_application(client(), application_id(), application()) ::
  FusionAuth.result()

Update an application by the application's ID.

For more information visit the FusionAuth API Documentation for Update an Application

update_role(client, application_id, role_id, role)

Specs

update_role(client(), application_id(), role_id(), role()) ::
  FusionAuth.result()

Update a role for an application by the application & role IDs.

For more information visit the FusionAuth API Documentation for Update an Application Role