missing redirect_uri
-
This post is deleted!
-
This post is deleted!
-
This post is deleted!
-
@richb201 did you get your questions answered?
-
@dan Yes! I got that survey "thing" working. Thx! I have one more part to fix. I have a login popup on my wordpress landing page.
On the bottom. I'd like to trigger a passwordless login email directly from that LOGIN button (but only if they already have a fa account). So what I did was add the OAuth IdP login URL:
as the "redirect to" address in wordpress.
But when I test it I end up at this screen.
But that is not really where i want the user to end up. I'd like to determine if the user has an account already on fa. If they do then i want to startPasswordless login. If they don't i want to send them to mailchimp to get their information and then send them to fa to register. I realize that there a few "steps" I need to get working. For right now I'd settle on getting my passwordless Login email to be sent to their email address.
I suspect that I will need to write the code to do as "conditional redirect", eventually. Question? Is there a way that I can quickly tell if a user has already set up a fa account without logging them in? That will be the basis of the "condition".
-
Question? Is there a way that I can quickly tell if a user has already set up a fa account without logging them in? That will be the basis of the "condition".
@richb201 you could always run a search for their email address and see if any results come back. That couldn't be done in the browser, but could definitely be done server side. https://fusionauth.io/docs/v1/tech/apis/users/#search-for-users has more.
-
Thanks Dan. When you say "run a search" on the server, do you mean "try to start passwordless log in and review the error message", if it fails?
Another question for you.
I am not sure how to set up the security with FA with passwordless. How will I keep a user from just going directly to one of my pages anywhere on my site?
With passwordless I send them back an email login link. When the click the link, they are sent to a link from FA with a code appended which allows them to log in. How do i enforce that only users authenticated by FA are allowed to view all of my pages? Of course without a userid they won't get very far in my app.
On a slightly different beginner question. I am using PHP. Normally I will allow a user access to one of my methods which creates a form where they enter their email address. From this I will start the passwordless or will send them to my registration page.
Is it a a security mistake to allow them to access one of my methods IN MY APP to start passwordless? Should I be handling the passwordless/registration/authentication from a totally different process for security?
