FusionAuth
    • Home
    • Categories
    • Recent
    • Popular
    • Pricing
    • Contact us
    • Docs
    • Login

    COPPA configuration

    Scheduled Pinned Locked Moved
    Q&A
    2
    4
    1.3k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • K
      kejvidoko
      last edited by kejvidoko

      We are using Fusion Auth 1.17.5. We have configured tenant family settings as described in the image link https://prnt.sc/tnrm6m .
      Is there a way to send the parent a confirmation link to confirm the child registration, so to give consent that his child can register on our platform?

      1 Reply Last reply Reply Quote 0
      • danD
        dan
        last edited by

        Hiya,

        We're working on a guide to fully document the family/COPPA functionality. I'll link to it here when it's published.

        Based on the screenshot, it looks like you want the flow to be:

        • child registers
        • parent is notified
        • parent either registers or signs in (if they already have account)
        • parent grants consent
        • child can login

        Is that correct? If not, please outline the flow you'd like.

        --
        FusionAuth - Auth for devs, built by devs.
        https://fusionauth.io

        K 1 Reply Last reply Reply Quote 0
        • K
          kejvidoko @dan
          last edited by

          @dan yes that is the flow, but I thought that this flow is handled completely from fusion auth ?

          1 Reply Last reply Reply Quote 0
          • danD
            dan
            last edited by

            Hiya,

            FusionAuth provides the APIs and data entities, but you have to code the flow. This is because there are multiple choices for parental consent.

            Again, still working on documentation, but basically, when the child registers, you'll need to make sure they have a parentEmail attribute associated with the user object. FusionAuth will send one of two email templates based on whether the parent has an account or not.

            Then you have to have the parent grant consent, which means building a form that they can check a consent box in, and you then record that consent using the Consent API. If the consent is a COPPA email plus consent, FusionAuth will send a second email based on the tenant settings (make sure you use version 1.18+ because of this issue: https://github.com/FusionAuth/fusionauth-issues/issues/724 ).

            When a child is signed in, you can get any consents they have been granted, so your application can prohibit any functionality that needs parental consent.

            Here's a sample app for the consent granting that may be helpful: https://github.com/FusionAuth/fusionauth-example-family

            --
            FusionAuth - Auth for devs, built by devs.
            https://fusionauth.io

            1 Reply Last reply Reply Quote 0
            • First post
              Last post