403 on angular redirection to loging page

david.gonzalez

Hi guys, I have an issue with my fusionauth hosted instance.

I created a tenant by copying the default tenant and linked an application to it.
But when i try to use the authentification flow from my angular app i get a 403 error reaching the "/app/login" endpoint but i have no issue directly reaching the "/oauth2/authorize" endpoint.
I tried enabeling CORS in the server settings but it did not help.

Thank you for your help.

dan

Hiya @david-gonzalez !

If you are seeing a 403 on the hosted backend, need to run FusionAuth on the same domain as the application is running.

From the docs:

When developing against a FusionAuth Cloud instance with a .fusionauth.io address, unless your application also lives at a .fusionauth.io address, you'll receive a 403 response code. The hosted backend does not work across origins. This occurs whenever FusionAuth is hosted on a different domain from the application accessing the hosted backend.

To work around this, you can:

• develop using a local FusionAuth instance, so both your webapp and FusionAuth are running on localhost.
• set up a lightweight proxy to ensure both servers are the same domain.
• stand up a barebones backend with a more liberal cookie policy: here's an example.
• set up a custom domain name for the FusionAuth Cloud instance (limited to certain plans).

Modifying FusionAuth CORS configuration options will not fix this issue.

More details

david.gonzalez

Hi @dan, thank you for your prompt answer. I missed that part when looking at the doc.

I will explain what we are trying to do and maybe you can tell me if its possible or not.

We are trying to set up with fusionauth a centralised authentication and authorization service for our web application.
We have multiple client and for security / availability each instance of the application is hosted in its own server instance. What we would have like to do is to setup a single instance hosted by fusionauth on the cloud for higher availability and better SLA and manage each user's permission for each user on that single instance for easier support and management.

But what i understand with the documentation you provided, is that it is not doable, or am i missing / misunderstanding something ?

Thank you again for your help.

dan

@david-gonzalez Yes, you can do all of that. Providing centralized authentication is what FusionAuth offers.

If you want an SLA, you'll need an enterprise plan. You can learn more on our licensing FAQ page about SLAs.

If you'd like to discuss your needs with a technical sales person, you can also contact us.

david.gonzalez

@dan Ok thank you, i'll try the contact form to discuss our needs. And see how to work with fusionauth with them.
Thank you again.

larsenlola06

@david-gonzalez said in 403 on angular redirection to loging page:

Hi @dan, thank you for your prompt answer. I missed that part when looking at the doc.

I will explain what we are trying to do and maybe you can tell me if its possible or not.

We are trying to set up with fusionauth a centralised authentication and authorization service for our web application.
We have multiple client and for security / availability each instance of the application is hosted in its own server instance. What we would have like to do is to setup a single instance hosted by fusionauth on the cloud for higher availability and better SLA and manage each user's permission for each user on that single instance for easier support and management.

But what i understand with the documentation you provided, is that it is not doable, or am i missing / misunderstanding something ?

Thank you again for your help.
Ensuring compliance with appropriate industry standards and statutory safety regulations.