FusionAuth · mooreds · Feb 19, 2025 · Feb 19, 2025
@@ -3,34 +3,9 @@ interface Props {
   since: string
 }
 
-const { since, showSince }: Props = Astro.props;
-
+const { since }: Props = Astro.props;
 if (!since) {
   throw new Error("No since field");
 }
-
-const semverToPaddedNumber = function (semver) {
-  const [major, minor, patch] = semver.split('.').map(Number);
-
-  if (isNaN(major) || isNaN(minor) || isNaN(patch)) {
-    throw new Error("Invalid semver format");
-  }
-
-  return `${major}${String(minor).padStart(3, '0')}${String(patch).padStart(2, '0')}`;
-};
-
-// showSince is a 6 digit number
-// the first one is the major version
-// the next three are the minor version
-// the last two are the patch version
-// it is used to only show availableSince on feature doc that were created before this field was added.
-// If the field was added before the feature was added, availableSince makes no sense.
-
-// For example, the user.login.suspicious event was added in 1.30.0 and returns an authentication type. But some of those authentication types (Apple) were added before this event was added.
-// in this case, we'd provide showSince of 1.30.0 and only authentication types added after 1.30.0 would show the available since value
-
-const alwaysShow = showSince === undefined;
-const show = alwaysShow || (semverToPaddedNumber(since) > semverToPaddedNumber(showSince));
-
 ---
-<span class='text-green-500 text-sm italic'>{show ? 'Available since ' + since : ''</span>
+<span class='text-green-500 text-sm italic'>Available since {since}</span>
@@ -1,6 +1,6 @@
 import APIBlock from 'src/components/api/APIBlock.astro';
 import APIField from 'src/components/api/APIField.astro';
-import AuthenticationTypeValues from 'src/content/docs/_shared/authentication-type-values.astro';
+import AuthenticationTypeClaimValues from 'src/content/docs/_shared/_authentication-type-values.mdx';
 import InlineField from 'src/components/InlineField.astro';
 import RemovedSince from 'src/components/api/RemovedSince.astro';
 
@@ -20,7 +20,7 @@ import RemovedSince from 'src/components/api/RemovedSince.astro';
   <APIField name="authenticationType" type="String">
     The method used to authenticate the User which resulted in this JWT being generated. The possible values are:
 
-    <AuthenticationTypeValues />
+    <AuthenticationTypeClaimValues show_since="100000" />
   </APIField>
   <APIField name="auth_time" type="Long" since="1.36.0">
     The time of the initial authentication request, expressed as UNIX time which is the number of seconds since Epoch. This claim will remain the same even when the token has been re-issued through the use of a Refresh Token.

@@ -0,0 +1,37 @@
+---
+# show_since is a 6 digit number
+# the first one is the major version
+# the next three are the minor version
+# the last two are the patch version
+# it is used to only show availableSince on feature doc that were created before the authentication type was created. If the authenticationType was added before the feature was added, availableSince makes no sense.
+---
+import AvailableSince from 'src/components/api/AvailableSince.astro';
+
+* `APPLE` - The User was authenticated using Apple. {props.show_since < 101700 ? <AvailableSince since="1.17.0" /> : ''}
+* `APPLICATION_TOKEN` - The User was authenticated using an [Application Authentication Token](/docs/lifecycle/authenticate-users/application-authentication-tokens).
+* `EpicGames` -The User was authenticated using Epic Games. {props.show_since < 102800 ? <AvailableSince since="1.28.0" /> : ''}
+* `FACEBOOK` - The User was authenticated using Facebook. {props.show_since < 100100 ? <AvailableSince since="1.1.0" /> : ''}
+* `FEDERATED_JWT` - The User was authenticated using a JWT from an external Identity Provider.
+* `GENERIC_CONNECTOR` - The user was authenticated using a generic connector. {props.show_since < 101800 ? <AvailableSince since="1.18.0" /> : ''}
+* `GOOGLE` - The User was authenticated using Google. {props.show_since < 100100 ? <AvailableSince since="1.1.0" /> : ''}
+* `HYPR` - The User was authenticated using the HYPR provider. {props.show_since < 101200 ? <AvailableSince since="1.12.0" /> : ''}
+* `JWT_SSO` - A valid JWT authorized to one Application was exchanged for another JWT authorized to a different Application.
+* `LDAP_CONNECTOR` -  The user was authenticated using an LDAP connector. {props.show_since < 101800 ? <AvailableSince since="1.18.0" /> : ''}
+* `LINKEDIN` -  The user was authenticated using LinkedIn. {props.show_since < 102300 ? <AvailableSince since="1.23.0" /> : ''}
+* `Nintendo` - The User was authenticated using Nintendo. {props.show_since < 103600 ? <AvailableSince since="1.36.0" /> : ''}
+* `ONE_TIME_PASSWORD` The User was authenticated using a one time password. {props.show_since < 100500 ? <AvailableSince since="1.5.0" /> : ''}
+* `OPENID_CONNECT` - The User was authenticated using an external OpenID Connect provider. {props.show_since < 100100 ? <AvailableSince since="1.1.0" /> : ''}
+* `PASSWORD` - The User was authenticated using a loginId and password combination.
+* `PASSWORDLESS` - The user was authenticated using a passwordless login link. {props.show_since < 100500 ? <AvailableSince since="1.5.0" /> : ''}
+* `PING` - The user was authenticated using a `PUT` request on the Login API. This is used to record a login event without prompting for credentials, such as when the FusionAuth SSO session is used.
+* `REFRESH_TOKEN` - The User requested a new JWT using a Refresh Token.
+* `REGISTRATION` - The user was created using the Registration API. {props.show_since < 101600 ? <AvailableSince since="1.16.0" /> : ''}
+* `SAMLv2` - The User was authenticated using an external SAMLv2 provider. {props.show_since < 100600 ? <AvailableSince since="1.6.0" /> : ''}
+* `SAMLv2IdpInitiated` - The User was authenticated using an external SAMLv2 provider using an IdP Initiated login. {props.show_since < 102800 ? <AvailableSince since="1.28.0" /> : ''}
+* `SonyPSN` - The User was authenticated using Sony. {props.show_since < 102800 ? <AvailableSince since="1.28.0" /> : ''}
+* `Steam` - The User was authenticated using Steam. {props.show_since < 102800 ? <AvailableSince since="1.28.0" /> : ''}
+* `TWITTER` - The User was authenticated using Twitter. {props.show_since < 100100 ? <AvailableSince since="1.1.0" /> : ''}
+* `Twitch` - The User was authenticated using Twitch. {props.show_since < 102800 ? <AvailableSince since="1.28.0" /> : ''}
+* `USER_CREATE` - The user was created using the User API. {props.show_since < 101600 ? <AvailableSince since="1.16.0" /> : ''}
+* `WebAuthn` - The User was authenticated using a passkey. {props.show_since < 104100 ? <AvailableSince since="1.41.0" /> : ''}
+* `Xbox` - The User was authenticated using Xbox. {props.show_since < 102800 ? <AvailableSince since="1.28.0" /> : ''}
@@ -143,7 +143,7 @@ import SearchPreprocessingWarning from "src/content/docs/_shared/_search-preproc
       </p>
 
       <p>
-      You may search against specific fields like so: <code>email:*fusionauth.io</code>. This will match only users with a <code>fusionauth.io</code> email address. Here are <a href='/docs/reference/user-fields'>the available fields for matching</a>.
+      You may search against specific fields like so: <code>email:*fusionauth.io</code>. This will match only users with a <code>fusionauth.io</code> email address. You may find the available fields for matching by retrieving the <a href="https://www.elastic.co/guide/en/elasticsearch/reference/6.3/indices-get-mapping.html">Elasticsearch mapping</a>.
       </p>
 
       <SearchPreprocessingWarning/>

@@ -77,7 +77,7 @@ import SearchPreprocessingWarning from "src/content/docs/_shared/_search-preproc
 
     The match is case-insensitive. Whitespace is allowed in the search, but must be URL escaped; for example, using `%20` for a space character. Elasticsearch compatible regular expressions may be used, so you may search by prefix or suffix using the `*` wildcard.
 
-    You may search against specific fields like so: `name:*API`. This will match only entities with a name ending in a `API`. Here are [the available fields for matching](/docs/reference/user-fields).
+    You may search against specific fields like so: `name:*API`. This will match only entities with a name ending in a `API`. You may find the available fields for matching by retrieving the [Elasticsearch mapping](https://www.elastic.co/guide/en/elasticsearch/reference/6.3/indices-get-mapping.html).
 
     <SearchPreprocessingWarning/>
   </APIField>

@@ -6,7 +6,7 @@ section: extend
 subcategory: code
 tertcategory: lambdas
 ---
-import AuthenticationTypeValues from 'src/content/docs/_shared/authentication-type-values.astro';
+import AuthenticationTypeValues from 'src/content/docs/_shared/_authentication-type-values.mdx';
 import Breadcrumb from 'src/components/Breadcrumb.astro';
 import InlineField from 'src/components/InlineField.astro';
 
@@ -48,7 +48,7 @@ The `result` object contains an [Errors](/docs/apis/errors) object. The `user` a
 
 `authenticationtype` is the method used to authenticate the user. The possible values are:
 
-<AuthenticationTypeValues showSince="1.53.0" />
+<AuthenticationTypeValues show_since="105300" />
 
 The `identityProvider` object in the `context` will only be present when the login request is from a 3rd party Identity Provider.
 

@@ -6,7 +6,7 @@ subcategory: events and webhooks
 tertcategory: events
 ---
 import APIField from 'src/components/api/APIField.astro';
-import AuthenticationTypeValues from 'src/content/docs/_shared/authentication-type-values.astro';
+import AuthenticationTypeValues from 'src/content/docs/_shared/_authentication-type-values.mdx';
 import Event from 'src/content/docs/extend/events-and-webhooks/events/_event.astro';
 import EventBody from 'src/content/docs/extend/events-and-webhooks/events/_event-body.astro';
 import InlineField from 'src/components/InlineField.astro';
@@ -33,7 +33,7 @@ export const eventType = 'user.login.failed';
   <APIField slot="leading-fields" name="event.authenticationType" type="String">
     The type of authentication used in the login request. The possible values are:
 
-    <AuthenticationTypeValues showSince="1.6.0" />
+    <AuthenticationTypeValues show_since="100600" />
   </APIField>
 
   <APIField slot="leading-fields" name="event.createInstant" type="Long">
@@ -78,7 +78,7 @@ export const eventType = 'user.login.failed';
   </APIField>
 
   <APIField slot="trailing-fields" name="event.type" type="String">
-    The event type, this value will always be <code>{eventType}</code>.{/* eslint-disable-line */}
+    The event type, this value will always be <code>{eventType}</code>.
   </APIField>
 
   <APIField slot="trailing-fields" name="event.user" type="Object">

@@ -6,7 +6,7 @@ subcategory: events and webhooks
 tertcategory: events
 ---
 import APIField from 'src/components/api/APIField.astro';
-import AuthenticationTypeValues from 'src/content/docs/_shared/authentication-type-values.astro';
+import AuthenticationTypeValues from 'src/content/docs/_shared/_authentication-type-values.mdx';
 import Event from 'src/content/docs/extend/events-and-webhooks/events/_event.astro';
 import EventBody from 'src/content/docs/extend/events-and-webhooks/events/_event-body.astro';
 import InlineField from 'src/components/InlineField.astro';
@@ -34,7 +34,7 @@ export const eventType = 'user.login.new-device';
   <APIField slot="leading-fields" name="event.authenticationType" type="String">
     The type of authentication used in the login request. The possible values are:
 
-    <AuthenticationTypeValues showSince="1.30.0" />
+    <AuthenticationTypeValues show_since="103000" />
   </APIField>
 
   <APIField slot="leading-fields" name="event.connectorId" type="UUID">
@@ -62,7 +62,7 @@ export const eventType = 'user.login.new-device';
   </APIField>
 
   <APIField slot="leading-fields" name="event.type" type="String">
-    The event type, this value will always be <code>{eventType}</code>.{/* eslint-disable-line */}
+    The event type, this value will always be <code>{eventType}</code>.
   </APIField>
 
   <APIField slot="leading-fields" name="event.user" type="Object">

@@ -6,7 +6,7 @@ subcategory: events and webhooks
 tertcategory: events
 ---
 import APIField from 'src/components/api/APIField.astro';
-import AuthenticationTypeValues from 'src/content/docs/_shared/authentication-type-values.astro';
+import AuthenticationTypeValues from 'src/content/docs/_shared/_authentication-type-values.mdx';
 import Event from 'src/content/docs/extend/events-and-webhooks/events/_event.astro';
 import EventBody from 'src/content/docs/extend/events-and-webhooks/events/_event-body.astro';
 import InlineField from 'src/components/InlineField.astro';
@@ -33,7 +33,7 @@ export const eventType = 'user.login.success';
   <APIField slot="leading-fields" name="event.authenticationType" type="String">
     The type of authentication used in the login request. The possible values are:
 
-    <AuthenticationTypeValues showSince="1.6.0" />
+    <AuthenticationTypeValues show_since="100600" />
   </APIField>
 
   <APIField slot="leading-fields" name="event.connectorId" type="UUID" since="1.18.0">
@@ -67,7 +67,7 @@ export const eventType = 'user.login.success';
   </APIField>
 
   <APIField slot="trailing-fields" name="event.type" type="String">
-    The event type, this value will always be <code>{eventType}</code>.{/* eslint-disable-line */}
+    The event type, this value will always be <code>{eventType}</code>.
   </APIField>
 
   <APIField slot="trailing-fields" name="event.user" type="Object">

@@ -6,7 +6,7 @@ subcategory: events and webhooks
 tertcategory: events
 ---
 import APIField from 'src/components/api/APIField.astro';
-import AuthenticationTypeValues from 'src/content/docs/_shared/authentication-type-values.astro';
+import AuthenticationTypeValues from 'src/content/docs/_shared/_authentication-type-values.mdx';
 import Event from 'src/content/docs/extend/events-and-webhooks/events/_event.astro';
 import EventBody from 'src/content/docs/extend/events-and-webhooks/events/_event-body.astro';
 import InlineField from 'src/components/InlineField.astro';
@@ -34,7 +34,7 @@ export const eventType = 'user.login.suspicious';
   <APIField slot="leading-fields" name="event.authenticationType" type="String">
     The type of authentication used in the login request. The possible values are:
 
-    <AuthenticationTypeValues showSince="1.30.0" />
+    <AuthenticationTypeValues show_since="103000" />
   </APIField>
 
   <APIField slot="leading-fields" name="event.connectorId" type="UUID">
@@ -70,7 +70,7 @@ export const eventType = 'user.login.suspicious';
   </APIField>
 
   <APIField slot="trailing-fields" name="event.type" type="String">
-    The event type, this value will always be <code>{eventType}</code>.{/* eslint-disable-line */}
+    The event type, this value will always be <code>{eventType}</code>.
   </APIField>
 
   <APIField slot="trailing-fields" name="event.user" type="Object">

@@ -10,8 +10,7 @@ import APIBlock from 'src/components/api/APIBlock.astro';
 import APIField from 'src/components/api/APIField.astro';
 import AccessTokenClaims from 'src/content/docs/_shared/_access-token-claims.mdx';
 import Aside from 'src/components/Aside.astro';
-import AuthenticationTypeValues from 'src/content/docs/_shared/authentication-type-values.astro';
-import Breadcrumb from 'src/components/Breadcrumb.astro';
+import AuthenticationTypeClaimValues from 'src/content/docs/_shared/_authentication-type-values.mdx';
 import ExampleAccessToken from 'src/content/docs/lifecycle/authenticate-users/oauth/_example_access_token.mdx';
 import ExampleIdToken from 'src/content/docs/lifecycle/authenticate-users/oauth/_example_id_token.mdx';
 import ExampleRefreshToken from 'src/content/docs/lifecycle/authenticate-users/oauth/_example_refresh_token.mdx';
@@ -150,7 +149,7 @@ The Id Token may be returned as part of an Authentication request when the `open
   <APIField name="authenticationType" type="String">
     The method used to authenticate the User which resulted in this JWT being generated. The possible values are:
 
-    <AuthenticationTypeValues />
+    <AuthenticationTypeClaimValues show_since="100000" />
   </APIField>
   <APIField name="auth_time" type="Long" since="1.36.0">
     The time of the initial authentication request expressed as UNIX time which is the number of seconds since Epoch. This claim will remain the same even when the token has been re-issued through the use of a Refresh Token.
@@ -264,7 +263,7 @@ A refresh token is associated with the same set of validated and consented OAuth
 
 To request a refresh token during authentication you must provide the `offline_access` scope. The refresh token is not supported by the Implicit Grant, so if you provide the `offline_access` scope during an Implicit Grant workflow it will be ignored.
 
-If you request the `offline_access` scope and an Refresh Token is not returned, ensure that the FusionAuth application has been configured to generate refresh tokens. Ensure `Generate refresh tokens` is enabled in your application settings. See <Breadcrumb>Settings -> Applications -> OAuth</Breadcrumb>. This setting will cause a Refresh Token to be returned when the `offline_access` scope is requested. You will also want to ensure the `Refresh Token` grant is enabled which allows the use of the Refresh Token to be exchanged for a new Access Token.
+If you request the `offline_access` scope and an Refresh Token is not returned, ensure that the FusionAuth application has been configured to generate refresh tokens. Ensure `Generate refresh tokens` is enabled in your application settings. See <strong>Settings -> Applications -> OAuth</strong>. This setting will cause a Refresh Token to be returned when the `offline_access` scope is requested. You will also want to ensure the `Refresh Token` grant is enabled which allows the use of the Refresh Token to be exchanged for a new Access Token.
 
 ### Sample Refresh Token
 

@@ -104,7 +104,11 @@ Where this differs is the ability to continue paging through large result sets.
 
 ### Field Mappings
 
-For both `queryString` and `query` searches, you may search against specific fields. Here are [the available fields for matching](/docs/reference/user-fields).
+For both `queryString` and `query` searches, you may search against specific fields.
+
+The exact list of indexed fields is not documented, but if you are running FusionAuth self-hosted, you can find the list by [retrieving the Elasticsearch mapping](https://www.elastic.co/guide/en/elasticsearch/reference/7.17/indices-get-mapping.html).
+
+If you are using FusionAuth Cloud, please [open a support ticket](https://account.fusionauth.io/account/support) if you have a question about which fields are searchable.
 
 Fields of the user object are indexed, as are the following relationships, which are available using the `nested` query type.
-Original file line number
+Diff line change
@@ Expand Up @@
           </p>
           <p>
-          You may search against specific fields like so: <code>email:*fusionauth.io</code>. This will match only users with a <code>fusionauth.io</code> email address. Here are <a href='/docs/reference/user-fields'>the available fields for matching</a>.
+          You may search against specific fields like so: <code>email:*fusionauth.io</code>. This will match only users with a <code>fusionauth.io</code> email address. You may find the available fields for matching by retrieving the <a href="https://www.elastic.co/guide/en/elasticsearch/reference/6.3/indices-get-mapping.html">Elasticsearch mapping</a>.
           </p>
           <SearchPreprocessingWarning/>
@@ Expand Down @@