When using FusionAuth's Self Service Account Management system for user login, I discovered a bug I would like to raise.
I created an application in a tenant for a user to log into to edit their profile using FusionAuth's Self Service Account Management tool.
My relevant OAuth configuration for the application is as follows:
client_id: <application id>
client_secret: <obscured>
Client Authentication: "Not required when using PCKE"
PKCE: "Not required when using client authentication"
I created a user and assigned the user to my application within my tenant. I then used the Account URL (found when inspecting the application that takes the form of <subdomain>.fusionauth.io/account/?client_id=<application id>) to attempt to log in, unchecking "Keep me signed in". FusionAuth reported a successful log in on the user's page in the console, but a network trace shows that I was routed back to the log in page, which appears to the user that they did not successfully log in.
However, when I leave the "Keep me signed in" checkbox checked, and log in, I am authenticated properly and can view my user edit page.
Reported issue on GitHub: https://github.com/FusionAuth/fusionauth-issues/issues/1546