oauth2/authorize redirects to oauth2/consent (AzureStaticWebApp)
-
I have a FusionAuth server working with an ASP.NET application. However, we are trying to use the same server with Azure Static Websites. I've followed their docs; however, FusionAuth appears to be getting stuck in a redirect loop. The first odd thing that stands out is that FusionAuth is redirecting from oauth2/authorize to oauth2/consent. I can't find documentation about this endpoint or why FusionAuth would do that.
The flow goes as follows:
[AzureStaticWebApp] -> [FusionAuth] oauth2/authorize -> [FusionAuth] oauth2/consent -> [AzureStaticWebApp] callback.
My FusionAuth debug log says that the code has been successfully exchanged for an access token. But the redirect loop seems to say otherwise?
What is this oauth2/consent endpoint and why is FusionAuth redirecting there? My best guess is that this is what's messing up the handoff with Azure Static Websites auth?
Any additional information would be helpful.
Query String of the oauth2/authorize request
Query String of the oauth2/consent request
Query String of the callback request
-
I believe what you are seeing is the consent mode. You can find more details on this at
https://fusionauth.io/docs/lifecycle/authenticate-users/oauth/scopes#form-fields
The /oauth2/consent endpoint in FusionAuth is used for handling user consent during the OAuth process. It provides several variables that can be used to customize the consent prompt:
action: The action the user selected on the consent prompt. The value should be allow if the user made consent selections and wants to continue or cancel if they have decided not to continue.
optionalScopes: The list of OAuth scopes on the request with optional user consent.
requiredScopes: The list of OAuth scopes on the request that require user consent.
scopeConsents: A map of OAuth scope consent choices made by the user. The key into the map is the OAuth scope name. The value should be true if the user has consented to the scope or false if they have declined.
unknownScopes: The list of unknown OAuth scope names on the request if the application is configured to Allow unknown scopes.
These variables are available since version 1.50.0 of FusionAuth. This can also be used in theming.
https://fusionauth.io/docs/customize/look-and-feel/template-variables#oauth-consent-prompt
-
Thanks Alex. I went back and looked and it doesn't seem I can even turn that option on. It's set to First Party and when I try to set it to Third Party I get this:
So that doesn't really answer the question as to why FusionAuth is redirecting to the "consent" endpoint. This process is kicked off via the normal "authorize" endpoint so I don't think email templates are in play either.