Merge branch 'master' into development
mooreds committed Aug 14, 2023
2 parents ee44321 + 5adbeca commit 4ad0cce
Showing 36 changed files with 448 additions and 21 deletions.
1 change: 1 addition & 0 deletions .gitignore
Expand Up @@ -11,6 +11,7 @@ httpRequests

# Daniel doesn't like any of the new format files and my ide keeps creating them
.idea
.ideaDataSources

### JetBrains template
# Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm, CLion, Android Studio and WebStorm
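
Review bot: the `.ideaDataSources` entry directly under `.idea` looks like it is missing a path separator. If the intent is to ignore the IDE's data-source files inside the `.idea` directory, the existing `.idea` line already covers them and this entry can be dropped; if a top-level `.ideaDataSources` path really is created, a short comment saying so would help.
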
7 changes: 4 additions & 3 deletions DocsDevREADME.md
Expand Up @@ -27,8 +27,7 @@ Here are some guidelines to follow when writing documentation (everything under
- All code snippets within any documents should have indenting formatted to 2 spaces.
- When introducing a code snippet, don't use a : (colon). Instead, just use verbiage before it. "The code to exchange the token is similar to below."
- Prefer 'You' to 'We'. 'Let's' is acceptable.
- Headers should be title-case. (see https://titlecase.com/ to check if you would like. No caps on articles 👍)
- Code captions should be title cased, where the first letter of every word should be capitalized, except for a, an and the: This Code Is the Best
- Code captions should have the the first letter of every word should be capitalized, except for a, an and the: This Code Is The Best.
- Use the oxford comma. Apples, bananas, and oranges are my favorite fruits.
- If something is new in a version, mark it with something like this:

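Review bot: the code-caption guideline that reads "Code captions should have the the first letter of every word should be capitalized" has a doubled "the" and two competing "should" clauses, and its example "This Code Is The Best." capitalizes "The" even though the rule exempts a, an and the. Suggest "Code captions should capitalize the first letter of every word except a, an, and the" with an example that follows the rule.
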
Expand Down Expand Up @@ -114,13 +113,15 @@ Example response(s)
## Blog posts
TODO: revise for astro
For blog posts:
- Indent all code with two spaces per level.
- The class used for images should be updated to `class="img-fluid"`.
- If applicable, use _includes/_what-is-fusionauth.liquid to introduce FusionAuth in a standard way.
- Single spaces should be used instead of double spaces after a period.
- We use rouge for code formatting. Supported languages are listed here: https://github.com/rouge-ruby/rouge/tree/master/lib/rouge/lexers
- Blog post headers should have only the first word and any proper nouns are capitalized.
- Blog post headers should have the first letter of words in headers should be capitalized: This Is The Header Text
(quick check is: `grep '^## \([^ ].*\)\{0,1\}' site/_posts/<post>.md`)
- For site navigation, use double quotes: Navigate to "Tenants" and then to the "Password" tab.
- For field names, use double quotes: "Login Identifier Attribute".
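
Review bot: the blog-header guideline "Blog post headers should have the first letter of words in headers should be capitalized: This Is The Header Text" is not a grammatical sentence and says the opposite of the neighbouring "only the first word and any proper nouns are capitalized" line, so only one of the two should remain. The quick check on the next line, `grep '^## \([^ ].*\)\{0,1\}' site/_posts/<post>.md`, lists every second-level header without testing its casing, so it should either be described as a way to list headers for manual review or be replaced with a pattern that matches the chosen convention.
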
4 changes: 2 additions & 2 deletions astro/src/content/quickstarts/quickstart-springboot-api.mdx
Expand Up @@ -36,7 +36,7 @@ While the access token is acquired via the Login API above, this is for simplici

In this section, you’ll get FusionAuth up and running and create a resource server which will serve the API.

### Clone the Code
### Clone The Code

First off, grab the code from the repository and change into that directory.

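Review bot: `### Clone The Code` capitalizes the article, as does `### Get The Template` further down in this file, which conflicts with the "except for a, an and the" wording in the DocsDevREADME.md caption guideline touched in the same commit. Pick one convention and apply it to both the guideline example and these headings.
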
Expand Down Expand Up @@ -86,7 +86,7 @@ Make a directory for this API.
mkdir spring-api && cd spring-api
```

### Get the Template
### Get The Template

<a href='https://start.spring.io/' target='_blank'>Go to the Initializr site</a> and download your own starter package. You will rely on two dependencies for this project:

1 change: 1 addition & 0 deletions site/_layouts/doc.liquid
Expand Up @@ -137,6 +137,7 @@
<li {% if page.url == "/docs/v1/tech/migration-guide/firebase.html" %}class="active"{% endif %}><a href="/docs/v1/tech/migration-guide/firebase">Firebase</a></li>
<li {% if page.url == "/docs/v1/tech/migration-guide/keycloak.html" %}class="active"{% endif %}><a href="/docs/v1/tech/migration-guide/keycloak">Keycloak</a></li>
<li {% if page.url == "/docs/v1/tech/migration-guide/azureadb2c.html" %}class="active"{% endif %}><a href="/docs/v1/tech/migration-guide/azureadb2c">Microsoft Azure AD B2C</a></li>
<li {% if page.url == "/docs/v1/tech/migration-guide/supabase.html" %}class="active"{% endif %}><a href="/docs/v1/tech/migration-guide/supabase">Supabase</a></li>
<li {% if page.url == "/docs/v1/tech/migration-guide/tutorial.html" %}class="active"{% endif %}><a href="/docs/v1/tech/migration-guide/tutorial">Tutorial</a></li>
</ul>
</li>
89 changes: 89 additions & 0 deletions site/_posts/2023-08-14-announcing-fusionauth-1-47.md
@@ -0,0 +1,89 @@
---
layout: blog-post
title: Announcing FusionAuth 1.47
description: This update includes performance improvements, the ability to include preferred languages on the basic registration form, and SAMLv2 assertion encryption.
author: Dan Moore
image: blogs/release-1-47/fusionauth-1-47.png
category: announcement
tags: release-announcement localization registration performance lambda connector http metrics saml
excerpt_separator: "<!--more-->"
---

FusionAuth version 1.47 shipped in late July, 2023. This version includes performance improvements, the ability to collect preferred languages on basic registration forms, and SAMLv2 assertion encryption.

<!--more-->

The focus of these updates is performance. In fact, I hereby dub 1.47 the "Performance Panther" release.

All in all there are 21 issues, enhancements, and bug fixes included in the 1.47.0 and 1.47.1 releases. As always, please see the [release notes](/docs/v1/tech/release-notes#version-1-47-1) for a full breakdown of the changes between 1.46.0 and 1.47.1, including any schema changes.

## Performance Improvements

{% include _image.liquid src="/assets/img/blogs/release-1-47/panther.png" alt="Performance panther is looking at you." class="img-fluid" figure=false %}

There were a number of performance improvements in these releases, as the team focused on making FusionAuth even faster and more scalable.

Some improvements are only applicable for Enterprise clients. This included lowering the memory overhead when downloading and storing the IP location database. This IP data is used by [Advanced Threat Detection](/docs/v1/tech/advanced-threat-detection/).

Other improvements apply to all FusionAuth users. These include:

* Reworking the internal caching system, which improves performance when creating or deleting hundreds or thousands of applications, keys or other configuration.
* Capturing timing metrics around HTTP requests and Lambda and Connector invocations. These will be exposed in the [System Status API](https://fusionauth.io/docs/v1/tech/apis/system#retrieve-system-status) response.
* Limiting the number of languages associated with a user. Sorry, you'll just have to make do with 20. In certain cases providing too many languages during registration caused performance impacts to the system.
* Enabling JVM garbage collection logging. Reviewing garbage collection logs, while no fun, can help you understand how the JVM is impacting FusionAuth's abilities to authenticate your users.

Happy tuning!

## Preferred Languages On The Basic Registration Form

FusionAuth has self-service registration. It comes in two flavors:

* [Basic registration](/docs/v1/tech/guides/basic-registration-forms), which is available with all plans, including the forever free Community plan.
* [Advanced registration](/docs/v1/tech/guides/advanced-registration-forms), which requires a paid plan.

In either case, when enabled, your users can self-register for your application by providing certain information.

With basic, you are limited to a number of common registration fields, such as first name and last name. With 1.47, your users can now choose a preferred language when registering.

To set it up, you'd enable it in the basic registration configuration.

{% include _image.liquid src="/assets/img/blogs/release-1-47/preferred-languages-enable.png" alt="Enabling the preferred languages field." class="img-fluid" figure=false %}

Then, the user will now see a dropdown when registering. This page [can be themed](/docs/v1/tech/themes/), of course.

{% include _image.liquid src="/assets/img/blogs/release-1-47/preferred-languages-user.png" alt="The user's view of preferred languages." class="img-fluid" figure=false %}

This feature is useful if your application supports multiple languages and you want to [send your welcome email](/docs/v1/tech/email-templates/templates-replacement-variables#setup-password) in the language your user prefers. Previous to 1.47, you had to use advanced registration forms to get this functionality.

## SAMLv2 Assertion Encryption

As of version 1.47, FusionAuth is compatible with a SAML v2 Service Provider (SP) that requires encrypted assertions. This functionality is only available when FusionAuth is acting as the SAMLv2 Identity Provider (IdP). You can enable and configure the behavior on the "SAML" tab of a given Application.

Reasons why SAML assertion encryption might be useful:

* The assertion contains sensitive personally identifiable information (PII).
* The login occurs in a highly secure or regulated environment.
* The assertion contains other sensitive data.
* The SP requires it. :)

Learn more about [configuring SAML assertion encryption](/docs/v1/tech/core-concepts/applications#assertion-encryption).

## The Rest Of It

As mentioned above, there were 21 issues, enhancements, and bug fixes included in these releases. A selection of the included changes not covered above includes:

* Updating third party dependencies such as Jackson and the PostgreSQL client library.
* New configuration to accept any named parameter as a login hint coming from the SAML v2 SP when FusionAuth is acting as the SAML v2 IdP.
* Upgrading to the latest version of our phone number validation library, which includes support and updates for a number of countries phone numbers.

Read more about all the changes in the [release notes](/docs/v1/tech/release-notes#version-1-47-1).

## Upgrade At Will

The [release notes](/docs/v1/tech/release-notes#version-1-47-1) are a guide to the changes, fixes, and new features. Please read them carefully to see if any features you use have been modified or enhanced.

If you'd like to upgrade your self-hosted FusionAuth instance, see our [upgrade guide](/docs/v1/tech/admin-guide/upgrade).

If you have a FusionAuth Cloud deployment, proceed to the "Hosting" tab on your [account dashboard](https://account.fusionauth.io/account/deployment/){:target="_blank"} and upgrade your instances. If you have any questions about the upgrade, [please open a support ticket](https://account.fusionauth.io/account/support/){:target="_blank"}.

Or, if we've piqued your interest and you'd like to use FusionAuth, [check out your options](/pricing).
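
Review bot: the System Status API link in the performance list uses an absolute `https://fusionauth.io/docs/v1/tech/apis/system#retrieve-system-status` URL while every other docs link in the post is site-relative (`/docs/v1/tech/...`); make it relative so it resolves on staging and local builds. Smaller points: the post alternates between "SAMLv2" and "SAML v2", "a number of countries phone numbers" needs a possessive ("countries' phone numbers"), and "This included lowering the memory overhead" switches tense from the surrounding present-tense text.
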
Binary file added site/assets/img/blogs/release-1-47/panther.png
2 changes: 1 addition & 1 deletion site/docs/v1/tech/admin-guide/account-portal.adoc
Expand Up @@ -154,7 +154,7 @@ image::admin-guide/account-portal/company-danger-zone.png[The company danger zon

=== Support

To review your support options, navigate to the [breadcrumb]#Support# tab or click on the Support widget at the bottom of the page.
To review your support options, navigate to the [breadcrumb]#Support# tab or click on the Support button at the bottom of the page.
The message displayed in the support tab will vary based on your purchased plan and deployments.

image::admin-guide/account-portal/support-tab.png[The support tab,width=1200,role=bottom-cropped]
16 changes: 10 additions & 6 deletions site/docs/v1/tech/admin-guide/technical-support.adoc
Expand Up @@ -40,18 +40,22 @@ link:/license/#exhibit-a[Exhibit A of the FusionAuth license agreement] defines

If you have a paid edition which includes technical support, please https://account.fusionauth.io/account/support/[open a ticket via your account portal]. This ensures that we will see it; slack messages or emails can unfortunately get lost.

When you are logged in to your account, you will see the support widget in the lower right hand corner.
When you are logged in to your account, you will see the support button in the lower right hand corner.

image::admin-guide/support/support-ticket-widget.png[The support ticket widget.,width=1200,role=top-cropped]
image::admin-guide/support/support-button.png[The support ticket button.,width=1200,role=top-cropped]

When you click the widget, a window will pop up with fields for the support ticket.
Fill these out as appropriate.
When you click the button, you will be directed to the support tab.

image::admin-guide/account-portal/support-tab.png[The support tab,width=1200,role=bottom-cropped]

Click the [field]#Open a support ticket# button to create a new ticket or use the [field]#View support tickets# button to see existing support tickets.
Fill out the form fields as appropriate to submit a new support ticket.
We do not typically make music recommendations, however.

image::admin-guide/support/file-support-ticket.png[Adding a support ticket.,width=1200]
image::admin-guide/support/support-ticket-form.png[Adding a support ticket.,width=1200,role=bottom-cropped]

**Paid support plans provide access to the engineering team.**
If you do not have a paid support plan, you generally will not see the support widget.
If you do not have a paid support plan, you generally will not see the support button.

When you open a ticket, you will get a response within link:/pricing/[the documented time window for your edition], and typically sooner.

37 changes: 32 additions & 5 deletions site/docs/v1/tech/core-concepts/users.adoc
Expand Up @@ -15,9 +15,19 @@ The User itself is easy enough to understand, it represents your end user, your

* <<User Scope>>
* <<User Sessions>>
** <<Session Details>>
* <<What Makes a User Active>>
* <<User Search>>
** <<Configuration>>
** <<Database Search Engine>>
** <<Elasticsearch Search Engine>>
* <<Segmenting Users>>
** <<Tenants>>
** <<Applications and Registrations>>
** <<Groups>>
** <<Entities and Grants>>
** <<The user.data Field>>


Here's a brief video covering some aspects of users:

Expand Down Expand Up @@ -152,14 +162,15 @@ include::docs/v1/tech/shared/_data-field-data-type-changes.adoc[]
== Segmenting Users

Often you want to segment or separate your users.
You have four options to do so in FusionAuth.
You have options to do so in FusionAuth.
They each have different tradeoffs.
The options are:

* Tenants
* Applications and Registrations
* Groups
* Entities and Grants
* <<Tenants>>
* <<Applications and Registrations>>
* <<Groups>>
* <<Entities and Grants>>
* <<The user.data Field>>

//TODO table?

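Review bot: "You have options to do so in FusionAuth." reads as a truncated sentence now that the count is gone; "several options" or "five options", matching the five entries in the list, would be clearer. The `//TODO table?` comment is still present below the list and could be resolved or tracked in an issue.
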
Expand Down Expand Up @@ -269,3 +280,19 @@ The scheduling software could know that Richard would have access to the schedul

If you were to model this using only applications, you'd have to have twenty applications in FusionAuth (two for each store) and keeping those configurations synchronized might be difficult.
And if you added more applications or stores, you'd face a combinatorial explosion of applications.

=== The user.data Field

You can add add arbitrary JSON to the `user.data` field, such as `org_type` and `org_id` fields. You can do this using the link:/docs/v1/tech/apis/users[User API] on user creation.

The `user.data` fields can then be read in a link:/docs/v1/tech/lambdas/jwt-populate[JWT Populate Lambda] and pushed into the tokens generated during authentication.

The downstream application can examine the tokens and determine which organizations a user has access to.

A variant of this is using link:/docs/v1/tech/lambdas/#using-lambda-http-connect[Lambda HTTP Connect] which can pass a user Id to an external service during authentication and retrieve user attributes such as an `org_id`. This has the advantage of avoiding synchronization at the cost of requiring a paid plan and increased latency during the authentication event. The exact amount of latency depends on the responsiveness of the called API.

This approach works well when you want FusionAuth to handle authentication but keep all user segmentation logic in your application.

==== The user.data Schema

include::docs/v1/tech/shared/_data-field-data-type-changes.adoc[]
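
Review bot: `include::docs/v1/tech/shared/_data-field-data-type-changes.adoc[]` under `==== The user.data Schema` is the same include that already appears earlier in this file (it is the context line of the `-152,14` hunk header), so the page will carry that content twice; link back to the first occurrence instead, or confirm the duplication is intended. Also "You can add add arbitrary JSON" has a doubled word. Since this section tells readers to base organization access on `org_type` and `org_id` values copied from `user.data` into tokens, consider adding a sentence that the downstream application should validate the token before trusting those claims.
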
8 changes: 6 additions & 2 deletions site/docs/v1/tech/installation-guide/cloud.adoc
Expand Up @@ -512,7 +512,7 @@ image::installation-guides/cloud/custom-url-action.png[Navigating to the custom
If you have existing custom URLs, you'll see them here.
To add one, click [field]#Update custom URL(s)#.

image::installation-guides/cloud/custom-url-update.png[The custom URLs list screen.,width=1200]
image::installation-guides/cloud/custom-url-update.png[The custom URLs list screen.,width=1200,role=bottom-cropped]

Add the domain names to [field]#Custom domains# field; for example, `auth.piedpiper.com`.
Confirm you want the change by entering the text `CONFIRM` in the [field]#Confirm# text field.
Expand All @@ -525,7 +525,7 @@ This screen will update as the proper DNS records and other infrastructure are c

image::installation-guides/cloud/custom-url-verification-instructions.png[Pending verification instructions screen.,width=1200,role=bottom-cropped]

After a few minutes, you'll be shown a set of records which you'll have to add to your DNS. Once validated, the status will move to `Issued.` No further action is required at this point.
After a few minutes, you'll be shown a set of records which you'll have to add to your DNS. Once validated, the status will move to `Issued`. No further action is required at this point.

image::installation-guides/cloud/custom-url-issued.png[Pending verification custom url is in a pending state.,width=1200,role=bottom-cropped]

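Review bot: the image on the line after the `Issued` punctuation fix, `custom-url-issued.png`, still has the alt text "Pending verification custom url is in a pending state.", which contradicts the issued state the paragraph describes. Update the alt text to describe the issued screen while this paragraph is being touched.
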
Expand All @@ -536,6 +536,10 @@ If you are using Basic Cloud, upgrade to a supported deployment type to enable a

It is common to have one custom domain already associated with your deployment, such as `auth.piedpiper.com`, and need to add another domain, such as `second-auth.piedpiper.com` without affecting the first domain. The ability to add multiple domains is only available on HA Cloud deployments.

You can update the custom domains for your deployment by navigating to the same page where you first added them. Note that updating the custom domains for a deployment is a _replacement_ operation. Any domains not included in the form will be deleted.

image::installation-guides/cloud/custom-url-replace-domains.png[Replacing custom URLs.,width=1200,role=bottom-cropped]

Setting up `auth.piedpiper.com` created two records in your DNS provider:

* **A Validation Record CNAME** - adding this CNAME to your DNS authorizes FusionAuth Cloud to use `auth.piedpiper.com`
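
Review bot: the sentence "Any domains not included in the form will be deleted." describes a destructive action and is easy to miss in running text, especially as it sits in the section about adding a second domain without affecting the first. Put it in a warning admonition and state explicitly that the existing domain, `auth.piedpiper.com` in this example, must be re-entered together with the new one.
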
1 change: 1 addition & 0 deletions site/docs/v1/tech/migration-guide/index.adoc
Expand Up @@ -21,6 +21,7 @@ These guides and resources will help you understand and scope the migration proc
* link:/docs/v1/tech/migration-guide/duende[Duende IdentityServer] - how to migrate from Duende IdentityServer to FusionAuth
* link:/docs/v1/tech/migration-guide/firebase[Firebase] - how to migrate from Firebase to FusionAuth
* link:/docs/v1/tech/migration-guide/keycloak[Keycloak] - how to migrate from Keycloak to FusionAuth
* link:/docs/v1/tech/migration-guide/supabase[Supabase] - how to migrate from Supabase to FusionAuth
* link:/docs/v1/tech/migration-guide/tutorial[Tutorial] - how to migrate from a single user database to FusionAuth

== Other Useful Migration Resources