Mooreds/fix spelling nov 22 2023 (FusionAuth#2696)
* remove ruby build, no longer used

* fixed spelling error.

* fixed spelling errors

* fixed spelling errors

* fixed spelling

* fixed incorrect image and extra periods in alt tag

* fixed spelling

* mark architectures as code so not spell checked

* fixed spelling

* ignore the personal link for spell check

* ignore mermaid diagrams

* fixed breadcrumb reference

* fixed spelling

* fixed typo

* fixed typo

* fixed typo

* added more known words
mooreds authored Nov 22, 2023
1 parent e43a6c9 commit a29d990
Showing 17 changed files with 101 additions and 37 deletions.
70 changes: 70 additions & 0 deletions .github/knownwords.txt
Expand Up @@ -2293,6 +2293,7 @@ ReplicaSet
Bergal
cpus
WeRoad
WeRoad's
Danilo
Polani
Cognito
Expand Down Expand Up @@ -2948,3 +2949,72 @@ ClusterRoleBindings
VirtualBox
overcomplicate
FaceBook
EI
DS
flyctl
sanitization
Initialzr
tesserarius
CTSS
Corbató
Scherr
Thinkset
quintillion
passwording
Grammarly's
Hacktoberfest
Updata
Gartner
LogRhythm
Fairwinds
Inversoft's
intercorporate
ChatGPT's
recognitions
Pham
yay
authsome
Stihl
Zenni
CurrentDesk's
GDCing
IM
edtech
PDFs
Spotify
clientID
redirectURI
applicationID
React's
timesheet
eCommerce
Xkit's
OAuthing
unlinks
jarfiles
gamification
webhook's
StackOverflow's
wildcarded
Jian's
physicalmailaddress
IP's
VENV's
TOML
LinuxONE
Aposphere
Cyrill
Lippuner
recipientEntity
targetEntities
composable
Blazor
Actionee
nextResults
AuthenticatorAttestationResponse
ArrayBuffers
PublicKeyCredential
architected
unguessable
backport
firewalled
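
Review bot: `Initialzr` in this block looks like a misspelling of "Initializr" that is being allow-listed rather than corrected where it occurs, and once it is in `.github/knownwords.txt` the checker accepts that typo everywhere. The same concern applies to the apostrophe plurals `IP's` and `VENV's` and to the two-letter tokens `EI`, `DS` and `IM`, which are short enough to mask unrelated typos across the whole site. Suggest fixing the originating articles, or excluding those spots with the existing `.spellcheck-ignore` selector, and keeping this list to proper nouns and identifiers.
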
7 changes: 0 additions & 7 deletions .github/workflows/spellcheck.yml
Expand Up @@ -16,13 +16,6 @@ jobs:
# Steps represent a sequence of tasks that will be executed as part of the job
steps:
- uses: actions/checkout@v3
- uses: ruby/setup-ruby@v1
with:
bundler-cache: true # runs 'bundle install' and caches installed gems automatically
- name: Build jekyll website for spellcheck
run: |
bundle exec jekyll build || true
shell: bash
- name: Install astro modules
run: cd astro && npm ci
# commenting these out because for now we aren't using compress to compress images. When we go back to that, we'll need to uncomment these
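
Review bot: the surviving `- uses: actions/checkout@v3` context line references the action by a mutable tag, the same way the removed `ruby/setup-ruby@v1` did. While the step list is being trimmed, consider pinning it to a full commit SHA so the code this workflow runs cannot change underneath it. It is also worth confirming that nothing later in the job reads the Jekyll output, since the `|| true` on `bundle exec jekyll build` meant a failure in that step was never visible.
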
1 change: 1 addition & 0 deletions .spellcheck.yaml
Expand Up @@ -18,3 +18,4 @@ matrix:
- :matches(.spellcheck-ignore)
- :matches(.blog-tag)
- :matches(button[data-widget])
- :matches(.mermaid-diagram)
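
Review bot: `:matches(.mermaid-diagram)` is added to the ignore list without a comment saying why, and it exempts every diagram's node and edge labels from spell checking, not just the Mermaid syntax. A one-line comment above the entry stating the reason would let a later reader tell the exclusion is deliberate.
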
4 changes: 2 additions & 2 deletions astro/src/content/articles/authentication/avoid-lockin.md
Expand Up @@ -71,7 +71,7 @@ There are certain technical issues you should consider as well. Planning upfront

### Password Hashes

While password hashes are briefly mentioned above, understanding how they might lock you in is critical for future flexibility. Having access to your hashes allows you to perform a smooth migration of users who log in with those credentials. A password hash is always one way, so if you cannot get acquire them, you are left with the follwoing unsavory options:
While password hashes are briefly mentioned above, understanding how they might lock you in is critical for future flexibility. Having access to your hashes allows you to perform a smooth migration of users who log in with those credentials. A password hash is always one way, so if you cannot get acquire them, you are left with the following unsavory options:

* never migrating
* resetting all your users' passwords
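
Review bot: the corrected line still reads "if you cannot get acquire them", which a word-list checker will not flag because both verbs are valid words. Drop one of them ("if you cannot acquire them") in the same change.
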
Expand All @@ -81,7 +81,7 @@ There are two password hashing concerns to be aware of.

First, what is the hashing algorithm used for your passwords?

Your authentication system documentation should specify this. It's best if this is an industy-standard hash such as Argon or PBK2DF. Certain authentication systems, such as FusionAuth, allow for [custom password hashing algorithms](/docs/extend/code/password-hashes/custom-password-hashing) to be used, which can mitigate the risk of using a nonstandard hash.
Your authentication system documentation should specify this. It's best if this is an industry-standard hash such as <code>Argon</code> or <code>PBK2DF</code>. Certain authentication systems, such as FusionAuth, allow for [custom password hashing algorithms](/docs/extend/code/password-hashes/custom-password-hashing) to be used, which can mitigate the risk of using a nonstandard hash.

Second, can you get access to the password hashes?

12 changes: 6 additions & 6 deletions astro/src/content/blog/announcing-fusionauth-1-33.mdx
Expand Up @@ -23,11 +23,11 @@ Community members have been experimenting with FusionAuth on other architectures

With version 1.33, FusionAuth officially supports [Docker images for a variety of CPU architectures](https://hub.docker.com/r/fusionauth/fusionauth-app/tags), including:

* linux/amd64
* linux/arm/v7
* linux/arm64
* linux/ppc64le
* linux/s390x
* `linux/amd64`
* `linux/arm/v7`
* `linux/arm64`
* `linux/ppc64le`
* `linux/s390x`

You can pull an architecture specific Docker image using `docker pull --platform <platform> fusionauth/fusionauth-app:latest`. These images have been generated back to FusionAuth version 1.24, at a community member's request.

Expand Down Expand Up @@ -76,7 +76,7 @@ Beginning in this release, to use the Change Password API for a user with Two-Fa

There were 30 issues, enhancements and bug fixes included in this release. A selection of these include:

* Fixing the fastpath download script; it wasn't downloading Java correctly.
* Fixing the FastPath download script; it wasn't downloading Java correctly.
* A number of bug fixes around advanced registration forms.
* The `jwt.refresh-token.revoke` event now fires correctly when you call the `/api/logout` endpoint.

4 changes: 2 additions & 2 deletions astro/src/content/blog/how-to-authenticate-your-react-app.mdx
Expand Up @@ -1107,7 +1107,7 @@ Just like `/login`, we’ll create a `/logout` route to make logging out easily
touch server/routes/logout.js
```

Here is how your filetree should look so far for your `server` directory:
Here is how your file tree should look so far for your `server` directory:

```
server
Expand Down Expand Up @@ -1176,7 +1176,7 @@ You might find that after a restart or a long time between logins, your FusionAu
Some areas that you may want explore further::
- Using PKCE (pronounced 'Pixie') to give an additional layer of security to your React app's login workflows.
- Exploring roles and self-registration.
- Using an iFrame to have a custom login screen with no redirects.
- Using an iframe to have a custom login screen with no redirects.


Now you know how to integrate a React application with an OAuth server like FusionAuth. By delegating authentication to such a server, your react application can focus on building features, not auth.
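
Review bot: the context line directly above the changed bullet list, "Some areas that you may want explore further::", is missing "to" and ends in a doubled colon, and the closing paragraph writes "your react application" in lowercase while the rest of the hunk uses "React". A word-list checker catches neither, so both are worth fixing while this section is open.
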
Expand Up @@ -124,7 +124,7 @@ Let's discuss the other option, a slow migration.

With a slow, or phased, migration, users are not required to reset their password. Instead, they log in to the new system, and provide their username and password, which is then forwarded to Azure AD B2C. You can use the Resource Owners Credentials grant, often called the Password grant. If credentials are correct, the user is logged in. The new system can rehash and store the password along with other user data.

The connection between Azure AD B2C must be secure and over HTTPs. Use IP restrictions, custom headers and/or client certificates; you don't want anyone to be able to pass credentials to Azure AD B2C or or to inspect traffic between the new system and Azure AD B2C.
The connection between Azure AD B2C must be secure and over HTTPS. Use IP restrictions, custom headers and/or client certificates; you don't want anyone to be able to pass credentials to Azure AD B2C or or to inspect traffic between the new system and Azure AD B2C.

The Azure AD B2C OAuth endpoint is monitored by rate limiting systems. If a dynamic threshold of failed authentications is exceeded, the rate limiting system may identify a repeated IP address (i.e. from the new system) as an attacker, so you'll want to plan for that possibility.

Expand Up @@ -51,7 +51,7 @@ cd fusionauth-example-wordpress-sso
docker compose up -d
```

This will start a WordPress instance on port 8030 and a FusionAuth instance on port 9011. Now, finish the installation of WordPress by opening up a browser window and navigating to the following adress.
This will start a WordPress instance on port 8030 and a FusionAuth instance on port 9011. Now, finish the installation of WordPress by opening up a browser window and navigating to the following address.
`localhost:8030`

You should be greeted with this screen:
2 changes: 1 addition & 1 deletion astro/src/content/blog/password-history.mdx
Expand Up @@ -35,7 +35,7 @@ The password based system didn't only control access to a user's files, but also

It didn't take long for the first password system to be hacked. According to [Thinkset Magazine](https://thinksetmag.com/issue-6/the-case-of-the-purloined-password), one of the graduate students, Allan Scherr, wasn't happy with the limits on his computer time. He needed more time to do his research, and felt he should have it.

In 1966, he discovered that he could print out files, including the master password file, with a system request. When Shcherr did that, he obtained access to all the passwords of all the users on the system.
In 1966, he discovered that he could print out files, including the master password file, with a system request. When Scherr did that, he obtained access to all the passwords of all the users on the system.

Scherr didn't keep these passwords to himself, however. He shared the printouts with others to make it more difficult to track him down. Plus, other folks probably enjoyed the extra computational time. (Scherr didn't reveal his actions until decades later, at a college reunion.)

10 changes: 5 additions & 5 deletions astro/src/content/blog/securing-a-golang-app-with-oauth.mdx
Expand Up @@ -57,17 +57,17 @@ The maintenance mode form requires a super user credential for your database:

It will use these credentials to create a database user for FusionAuth to connect as. Further down the maintenance mode page, you can specify the username and password of this user if you choose:

![Adding a user for FusionAuth to connect as..](/img/blogs/golang-oauth/maintenance-mode-database-lower.png" style="margin-top:30px;)
![Adding a user for FusionAuth to connect as.](/img/blogs/golang-oauth/maintenance-mode-database-lower.png)

If you want to create a FusionAuth user and database using different tools, rather than maintenance mode, you can. See the [silent mode documentation](/docs/get-started/download-and-install/silent-mode) for more on this option.

Once you've created a database for FusionAuth, you'll need to accept the license and create an initial FusionAuth account:

![The FusionAuth setup wizard..](/img/blogs/golang-oauth/setup-wizard.png)
![The FusionAuth setup wizard.](/img/blogs/golang-oauth/setup-wizard.png)

Then you'll need to log in to this new FusionAuth account. This user has administrative privileges within the FusionAuth instance:

![Logging in to the FusionAuth administrative user interface..](/img/blogs/golang-oauth/login-admin-screen.png)
![Logging in to the FusionAuth administrative user interface.](/img/blogs/golang-oauth/login-admin-screen.png)

### Create and configure a new Application

Expand All @@ -79,7 +79,7 @@ In addition, make sure that the Authorization Code checkbox is checked. This is

After successful setup, view the application by clicking the green magnifying glass. The OAuth `Client ID` and `Client Secret` values can also be found on the same screen, in the "OAuth configuration" section. You'll want to note both of those.

![The application configuration screen..](/img/blogs/golang-oauth/oauth-configuration.png)
![The application configuration screen.](/img/blogs/golang-oauth/oauth-configuration.png)

We set up this application in the default tenant. FusionAuth supports multi-tenant configurations, but for this post, we'll keep all user data in one tenant, as that makes things slightly simpler. Now, our FusionAuth setup is complete. Let's move to the golang part.

Expand Down Expand Up @@ -203,7 +203,7 @@ go run main.go

Navigate to `http://localhost:8080/`. We will get the following screen in the web browser:

![The application login page..](/img/blogs/golang-oauth/app-login.png)
![The application login page.](/img/blogs/golang-oauth/app-login.png)

Great, but how do we actually log in? Glad you asked.

Expand Up @@ -55,9 +55,9 @@ We're currently working on proxying FusionAuth behind a custom domain name for e

I wasn't sure we'd actually find a solution, but FusionAuth fit the bill perfectly with your first-class multi-tenant support, powerful theming, ability to self-host, and built-in standards like OAuth and OIDC.

FusionAuth is a rare piece of software in that it has solved an extremely complex problem for us without any jerry rigging. It's helped us scale from 0 to 70k user accounts without a hitch. I'm constantly recommending it to people for this reason.
FusionAuth is a rare piece of software in that it has solved an extremely complex problem for us without any jerry-rigging. It's helped us scale from 0 to 70k user accounts without a hitch. I'm constantly recommending it to people for this reason.

> FusionAuth is a rare piece of software in that it has solved an extremely complex problem for us without any jerry rigging. ... I'm constantly recommending it to people for this reason.
> FusionAuth is a rare piece of software in that it has solved an extremely complex problem for us without any jerry-rigging. ... I'm constantly recommending it to people for this reason.
**Dan:** How were you solving them before FusionAuth?

Expand Up @@ -203,7 +203,7 @@ Before you can complete your integration, assign Azure AD users to your Azure AD

## Complete the Login

At this point, what remains is to attempt a login. To test quickly, log into the FusionAuth administrative user interface. Navigate to <strong>Applications -> Your Application</strong> Click the [breadrumb]#View# link (the magnify icon), then scroll to the <strong>OAuth2 & OpenID Connect Integration details</strong> section and look for the Login URL. Copy this.
At this point, what remains is to attempt a login. To test quickly, log into the FusionAuth administrative user interface. Navigate to <strong>Applications -> Your Application</strong> Click the <strong>View</strong> link (the magnify icon), then scroll to the <strong>OAuth2 & OpenID Connect Integration details</strong> section and look for the Login URL. Copy this.

<img src="/img/docs/lifecycle/authenticate-users/identity-providers/enterprise/get-login-url.png" alt="Get OAuth2 Login URL" width="1200" />

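
Review bot: on the changed line, "Navigate to <strong>Applications -> Your Application</strong> Click the" runs two sentences together; a period is missing after the closing `</strong>`. Add it in the same change, since the line is already being edited to replace `[breadrumb]#View#`.
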