missing redirect_uri



  • This post is deleted!


  • This post is deleted!


  • This post is deleted!


  • @richb201 did you get your questions answered?



  • @dan Yes! I got that survey "thing" working. Thx! I have one more part to fix. I have a login popup on my wordpress landing page.
    Screenshot from 2021-03-23 21-35-13.png

    On the bottom. I'd like to trigger a passwordless login email directly from that LOGIN button (but only if they already have a fa account). So what I did was add the OAuth IdP login URL:
    Screenshot from 2021-03-23 21-41-53.png

    as the "redirect to" address in wordpress.
    Screenshot from 2021-03-23 21-42-56.png

    But when I test it I end up at this screen.
    Screenshot from 2021-03-23 21-32-31.png

    But that is not really where i want the user to end up. I'd like to determine if the user has an account already on fa. If they do then i want to startPasswordless login. If they don't i want to send them to mailchimp to get their information and then send them to fa to register. I realize that there a few "steps" I need to get working. For right now I'd settle on getting my passwordless Login email to be sent to their email address.

    I suspect that I will need to write the code to do as "conditional redirect", eventually. Question? Is there a way that I can quickly tell if a user has already set up a fa account without logging them in? That will be the basis of the "condition".



  • Question? Is there a way that I can quickly tell if a user has already set up a fa account without logging them in? That will be the basis of the "condition".

    @richb201 you could always run a search for their email address and see if any results come back. That couldn't be done in the browser, but could definitely be done server side. https://fusionauth.io/docs/v1/tech/apis/users/#search-for-users has more.



  • Thanks Dan. When you say "run a search" on the server, do you mean "try to start passwordless log in and review the error message", if it fails?

    Another question for you.

    I am not sure how to set up the security with FA with passwordless. How will I keep a user from just going directly to one of my pages anywhere on my site?

    With passwordless I send them back an email login link. When the click the link, they are sent to a link from FA with a code appended which allows them to log in. How do i enforce that only users authenticated by FA are allowed to view all of my pages? Of course without a userid they won't get very far in my app.

    On a slightly different beginner question. I am using PHP. Normally I will allow a user access to one of my methods which creates a form where they enter their email address. From this I will start the passwordless or will send them to my registration page.

    Is it a a security mistake to allow them to access one of my methods IN MY APP to start passwordless? Should I be handling the passwordless/registration/authentication from a totally different process for security?


Log in to reply
 

Looks like your connection to FusionAuth Forum was lost, please wait while we try to reconnect.