    Redirect loop between login and consent page during OAuth2 authorization (Proof of Concept)

      jefferson.piscos

      Hello FusionAuth community,

      I am currently working on a proof of concept to integrate FusionAuth as my OAuth2/OpenID Connect provider. However, I am encountering an issue with the authorization flow:

      • When I initiate the authorization request via the /oauth2/authorize endpoint, I am redirected to the login page.
      • After successful login, I get redirected to the consent page.
      • When I submit the consent form, I am redirected back to the login page again.
      • This causes a redirect loop: Login → Consent → Login → Consent → ...

      Some important details about my setup:

      • I am still using the community edition plan (1.58.2)
      • I have not configured any consents or required scopes in the FusionAuth admin panel.
      • The only scope I request is openid.
      • I have checked the application settings and there is no explicit consent requirement set.
      • I want to understand why the system still shows the consent screen despite no consent being configured.
      • Ideally, since no consent is required, the user should be redirected directly after login without seeing the consent prompt.
      • I have tried adding prompt=none to the authorize request, but the behavior remains the same.

      Has anyone experienced this redirect loop before?
      Could this be related to session/cookie handling, missing consent records, or some configuration I might have overlooked?
      Are there recommended settings or troubleshooting steps to ensure users are not prompted for consent if none is configured?
      Any tips on how to debug or logs to inspect to identify why FusionAuth insists on consent in this scenario?

      Thank you in advance for any advice or recommendations! I’m eager to get this POC working smoothly.

        mark.robustelli @jefferson.piscos

        @jefferson-piscos There are a few things that may be going on. Where are you expecting to redirect to after successful login? Can you tell if that page is being hit or is it redirecting back to the login page because that is the page you set it to? Anything you can safely share about the application configuration in FusionAuth or code for your redirect page could be helpful.

        In terms of tips for debugging, you can turn on "Debug Enabled" for the identity provider and then check the Event Log after you try to log in. Let us know if that yields any useful information.

          jefferson.piscos @mark.robustelli

          @mark-robustelli For POC purposes, I configured it to just redirect here: http://localhost:8081/oauth/callback after successful login. However, I am redirected to the /oauth2/consent endpoint after logging in. Then after hitting POST to allow consent, I am then redirected again to the login page, hence the loop. What confuses me is why I'm redirected to the consent endpoint after logging in when in fact I did not configure anything for consent. See below for reference.

          8925ff1c-69eb-4de7-97d3-3aa6d8343213-image.png

          Also, this is what I register in my application in FusionAuth for the Authorized redirects: http://localhost:8081/oauth/callback (nothing fancy here since I'm just testing this out locally)

          I don't see this "Debug Enabled" feature in my community edition setup.

            mark.robustelli @jefferson.piscos

            @jefferson-piscos, the debug enabled is under the OAuth tab. Go ahead and enable that and check the logs.

            Screenshot 2025-09-25 at 7.48.42 AM.png

            Also it is a little weird that you are redirected to a consent screen. Do you have any consents configured? You can go to Settings -> Consents in the Admin UI.

            Screenshot 2025-09-25 at 7.55.20 AM.png

            Then you can check the user and see if you have any set for the user you are testing.

            Screenshot 2025-09-25 at 7.55.29 AM.png

            Hopefully that will clear it up and you will be good to go. If not, let's see what those logs say.

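To test the session/cookie hypothesis raised in the first post, the request sequence can be copied from the browser's network tab and checked offline for the point where the flow revisits a step and for cookies that stop being sent. This is an added example, not code from the thread or from FusionAuth: the trace, the host `idp.example` and the cookie names `sess` and `sso` are constructed placeholders, and cookie matching here ignores Path, Domain, Secure and SameSite attributes.

```python
from urllib.parse import urlsplit

def key(hop):
    """Identify a hop by method and path, ignoring the query string."""
    return hop["method"], urlsplit(hop["url"]).path

def find_loop(trace, redirect_uri):
    """Return (first, repeat) indexes of the first revisited hop, or None
    if the flow reaches redirect_uri without revisiting anything."""
    seen = {}
    for i, hop in enumerate(trace):
        if hop["url"].startswith(redirect_uri):
            return None
        if key(hop) in seen:
            return seen[key(hop)], i
        seen[key(hop)] = i
    return None

def dropped_cookies(trace):
    """List (index, names) where a cookie set by an earlier response from the
    same host was not sent back, one reason a server can forget a login."""
    jar, out = {}, []
    for i, hop in enumerate(trace):
        host = urlsplit(hop["url"]).netloc
        missing = jar.get(host, set()) - hop["sent"]
        if missing:
            out.append((i, sorted(missing)))
        jar.setdefault(host, set()).update(hop["set"])
    return out

IDP = "http://idp.example"                          # placeholder host
CALLBACK = "http://localhost:8081/oauth/callback"   # redirect URI from the thread
# Constructed trace: "sent" = cookie names on the request, "set" = names in Set-Cookie.
TRACE = [
    {"method": "GET",  "url": IDP + "/oauth2/authorize?scope=openid", "sent": set(), "set": {"sess"}},
    {"method": "POST", "url": IDP + "/oauth2/authorize", "sent": {"sess"}, "set": {"sso"}},
    {"method": "GET",  "url": IDP + "/oauth2/consent", "sent": {"sess", "sso"}, "set": set()},
    {"method": "POST", "url": IDP + "/oauth2/consent", "sent": {"sess"}, "set": set()},
    {"method": "GET",  "url": IDP + "/oauth2/authorize?scope=openid", "sent": {"sess"}, "set": set()},
]

if __name__ == "__main__":
    print("loop:", find_loop(TRACE, CALLBACK))
    print("cookies not returned:", dropped_cookies(TRACE))
```

A hop that appears in both results is the place to compare against the Event Log entries produced with "Debug Enabled" switched on.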