Prevent user from accessing FusionAuth login page after using /api/login
-
Hi there,
I have read the documents about the OAuth endpoint and the Login API.
When I tried the authorization code using the OAuth endpoint, such as:
http://localhost:9011/oauth2/authorize?client_id=d24952b4-524d-490b-a3f4-b1a314050089&redirect_uri=http://localhost:4200/oauth2-callback&response_type=code&tenantId=cc18006b-f2ca-4582-9fc4-fc19a1578802
The login page was displayed.
I could sign in successfully. If I tried to use the OAuth2 endpoint above, no login page was displayed and I would be redirected to my front-end web page, which was good.

However, when I tried with the /api/login endpoint:
Even though the user session was created successfully (Tenant 02 - IoT Warehouse 02), as in the image below,
if I tried with the OAuth2 endpoint above, the login page was still displayed as I haven't logged in yet.
My question is: Can I prevent the login page from being displayed if I successfully log in using /api/login?
-
@lightalakanzam Not with standard FusionAuth, because the hosted login pages don't know that the login has occurred.
You could perhaps set a cookie on login with the login API and then look for that cookie in an HTTP proxy in front of FusionAuth, and deny access to the login pages at that time.
Or, you could, if you are only using the login API, set up the theme to have a blank login page.
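
Added example (not part of the original reply, and not FusionAuth code): a sketch of the cookie check suggested above, written as the decision function an HTTP proxy in front of FusionAuth could call. The cookie name, secret, lifetime and HMAC-signed marker format are assumptions; the signature is there so a client cannot simply make up the marker.

```python
import hashlib
import hmac
import time
from http.cookies import CookieError, SimpleCookie

# Assumptions, not from the thread: cookie name, shared secret, lifetime,
# and the list of paths treated as hosted login pages.
COOKIE_NAME = "api_login_marker"
SECRET = b"replace-with-a-random-secret"  # known to the backend and the proxy only
MAX_AGE = 3600  # seconds
LOGIN_PAGE_PREFIXES = ("/oauth2/authorize",)


def _sign(payload):
    return hmac.new(SECRET, payload.encode(), hashlib.sha256).hexdigest()


def issue_marker(user_id, now=None):
    """Backend side: cookie value to set after /api/login has succeeded."""
    issued = int(time.time() if now is None else now)
    payload = f"{user_id}.{issued}"
    return f"{payload}.{_sign(payload)}"


def marker_is_valid(value, now=None):
    """Proxy side: accept only an unexpired marker with a correct signature."""
    try:
        user_id, issued, sig = value.rsplit(".", 2)
        age = (time.time() if now is None else now) - int(issued)
    except ValueError:  # wrong number of fields or non-numeric timestamp
        return False
    expected = _sign(f"{user_id}.{issued}")
    return hmac.compare_digest(sig.encode(), expected.encode()) and 0 <= age <= MAX_AGE


def proxy_decision(path, cookie_header, now=None):
    """Return 'deny' for a hosted login page requested with a valid marker, else 'forward'."""
    if not path.startswith(LOGIN_PAGE_PREFIXES):
        return "forward"
    cookies = SimpleCookie()
    try:
        cookies.load(cookie_header or "")
    except CookieError:  # malformed Cookie header: treat as no marker
        return "forward"
    morsel = cookies.get(COOKIE_NAME)
    if morsel is not None and marker_is_valid(morsel.value, now):
        return "deny"
    return "forward"
```

The backend would set the value from `issue_marker(...)` as an HttpOnly cookie after a successful /api/login call and clear it on logout. What "deny" becomes (a 403 or a redirect to the application) is left to the proxy.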