3rd Party Authentication

kash

Don't worry you almost got it.

The callback is the first step in the right direction. We need the code parameter from that callback to obtain the authorization token like you mentioned.

Do you mind posting a little more about what callback program/servlet you're using? It shouldn't be too many steps after that.

it-contracts

@kash Thank you kash for your reply once more. I'm not sure I understand what you are asking for. But would be happy to provide whatever details you need.

Just to reiterate. I have initially completed a project that uses Google and other 3rd party authenticators directly. And it works perfectly. However, now my company wants to use FusionAuth. So I have to start from the beginning. Yay me!

The previous process as I mentioned called Google 3 times. First call was to get the code. Google called the "callback" servlet with the code which I used to obtain the Authorization Token. I then proceeded to call Google for the 3rd time with the Authorization Token to get the user info. This all works.

I thought that FusionAuth would perform all 3 steps for me. Meaning I would call it once and it would return to me the User Info. However, when I call FusionAuth, I see that my callback is called after step 1, which is where Google returns the code. And I have to call Google myself for calls 2 and 3. Which is very challenging since the callback (i.e. redirect_uri parameter must be identical between calls 1 and 2).

At the moment, my callback servlet simply calls Google to obtain the Authentication Token based on the code that was returned. Initially, I had code in my callback servlet to parse the User response that I was hoping to get back from FusionAuth. Alas, that code had to be commented out. As I'm still not sure how to call FusionAuth to get it to perform all 3 steps for me.

Meaning what URL should I be using to get FusionAuth to perform all 3 steps for me?

In my previous reply I posted the image of the URL I'm using now.

TIA
Rudy

kash

Alrighty let's try this. We'll maybe add a few more calls but we'll get it working

First, let's set up the scope for your google identity provider. It should be under the identity provider tab in the google section that you configured.

kash

Also do you have fusionAuth running on port 9011?

it-contracts

@kash said in 3rd Party Authentication:

Also do you have fusionAuth running on port 9011?

Sorry, forgot to mention. We purchased the Cloud package. We are in the clouds. So nothing local.

it-contracts

@kash said in 3rd Party Authentication:
> Alrighty let's try this. We'll maybe add a few more calls but we'll get it working

I love your optimism. I'm onboard.

> First, let's set up the scope for your google identity provider. It should be under the identity provider tab in the google section that you configured.

This is what I had the scope set to:

mark.robustelli

@it-contracts, which license did you purchase? If you selected the Essentials Plan you should have access to the Account Portal and may receive support directly through email if this is time sensitive.

mark.robustelli

@it-contracts Can you please share the OAuth settings you have for your application? In the Fusion Auth Admin UI select Applications. Select Edit or view for your application. Share the OAuth and JWT settings. Be sure to remove any sensitive information before posting here.

it-contracts

@mark-robustelli said in 3rd Party Authentication:

@it-contracts, which license did you purchase? If you selected the Essentials Plan you should have access to the Account Portal and may receive support directly through email if this is time sensitive.

In the Dashboard it says: Current plan Starter
Seems like we are paying $350 per month

This is what it says in the Support tab:
*As a valued customer of FusionAuth Cloud hosting, you can open support tickets for the following items:

Outages
Network issues
Assistance with upgrades
If you need other support including engineering support, you will need to purchase a paid Plan that includes support.*

Am I the first person to attempt this? I find that a bit surprisisng.

it-contracts

@mark-robustelli said in 3rd Party Authentication:

@it-contracts Can you please share the OAuth settings you have for your application? In the Fusion Auth Admin UI select Applications. Select Edit or view for your application. Share the OAuth and JWT settings. Be sure to remove any sensitive information before posting here.

I did not make any settings in JWT, so there is nothig there.

In the OAUTH section here's what I have:

1. Client Id - Id generated by fusionAuth.
2. Client secret - Secret generated by FusionAuth.
3. Client Authentication - Set to Required
4. PKCE - Set to Not Required.
5. Generate refresh tokens - Checked
6. Debug enabled - Checked (No idea if this does anything in the Cloud configuration).
7. URL validation - Set to Exact Match
8. Authorized redirect URLs -http://localhost:8080/MyAppName/FusionAuthLogin
9. Authorized request origin URLs - Not Set
10. Logout URL - http://localhost:8080/MyAppName/FusionAuthLogout
11. Logout behavior - Set To All applications
12. Enabled grants - Checked "Authorization Code" and "Refresh Token"
13. Require Registration - Checked

That's it.
Thank you Mark
Rudy