OpenID Service provided link does not work with Identity Providers
-
Description
After successfully creating an OpenID Identity Provider, you can activate the registration for a FusionAuth app, so you can register with a UI button via the specific provider.
Though, if you try to use the direct link by your 3rd party service application, you get the following error:
{
  "error" : "invalid_request",
  "error_description" : "The request is missing a required parameter: redirect_uri",
  "error_reason" : "missing_redirect_uri"
}
To be a little more specific, I created my Discord Identity Provider, which I wanted to use via the link I get from the Discord Application:
This link however does not work as I get the error above. On the other hand, the button to register, which FusionAuth provides, does work.
Though, I need for my service the direct link (because I'm having my own buttons, etc.), which does not work.
Am I doing something absolutely wrong or does FusionAuth simply not provide the needed functions?
My Configuration
The link I get from the Discord Application (which includes a redirect_uri):
My FusionAuth Identity Provider configuration:
PS: No debug or other logs appear.
-
To confirm, are you having this issue while following along with the below documentation?
Thanks,
Josh
-
No, absolutely not. I could easily follow the whole documentation.
If you want so, everything works fine. If I activate the "Login via Discord" button in FusionAuth, I can login with Discord. But, if I don't want to use the button, but instead the provided link by Discord, it doesn't work.
I think FusionAuth creates some kind of "session" when using 3rd-party OAuth, which does not work when you get sent back to FusionAuth directly by Discord and not FusionAuth itself. (I hope it was clear enough)
Thanks for your reply,
Chriss
-
I can't say what specifically is occurring here, but this is a flow that we don't enable by default.
What we typically expect is
FusionAuth SP -> Discord IDP to Auth user -> back to FusionAuth
Can you expand on the flow you are trying to enable? What does this link directly from discord attempt to "solve" for you?
Thanks,
Josh
-
Yeah, I already thought so, that this way of using is not directly intended.
I have a dashboard for linking user accounts with our own accounts. We want to use FusionAuth for that, so we try to send the user from the button of our own website directly to the link provided by Discord.
Does FusionAuth provide some kind of that link?
Thanks too for helping,
Chriss
-
My sense is this will be a feature request to be considered -
https://github.com/FusionAuth/fusionauth-issues/issues/new/choose
What you are attempting to do here seems very closely aligned with idp initiated login for SAML (with some differences, of course).
Another use case adjacent to this discussion is using the idp_hint parameter if available.
https://fusionauth.io/docs/v1/tech/oauth/endpoints/
Thanks,
Josh
-
So, you say, the only thing I can do at the moment is to request a new feature and to be patient?
Or can I use this request, which then links to discord via the redirect_uri?
GET /oauth2/authorize?client_id={client_id}&redirect_uri={redirect_uri}&response_type=code&tenantId={tenantId}
But, thanks so far for your help,
Chriss
-
There is some discussion of this (mostly focused on SAML, but OIDC is referenced and considered as well)
https://github.com/FusionAuth/fusionauth-issues/issues/566
I will review further and see if the team has any other thoughts.
Thanks,
Josh
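
The flow described in the thread (FusionAuth SP -> Discord IDP -> back to FusionAuth), built from the authorize request quoted above plus idp_hint, as an added example that is not part of the original posts and is not FusionAuth's own code. It runs on Node.js; the host names and Ids are constructed placeholders, it assumes idp_hint takes the Id of the Identity Provider configured in FusionAuth, and it adds the standard OAuth 2.0 state parameter.

```javascript
// Added example: build a FusionAuth-initiated authorize link for a custom button.
const { randomBytes } = require('node:crypto');

// Parameters the link checker treats as mandatory (an assumption of this example).
const REQUIRED = ['client_id', 'redirect_uri', 'response_type'];

// Return the required parameters a link is missing (empty array = complete).
function missingAuthorizeParams(link) {
  const params = new URL(link).searchParams;
  return REQUIRED.filter((name) => !params.get(name));
}

// Build the link the custom button should point to. The flow starts at
// FusionAuth, which then sends the user on to the provider named by idp_hint.
function buildAuthorizeUrl({ baseUrl, clientId, redirectUri, tenantId, idpId, state }) {
  const url = new URL('/oauth2/authorize', baseUrl);
  url.searchParams.set('client_id', clientId);
  url.searchParams.set('redirect_uri', redirectUri);
  url.searchParams.set('response_type', 'code');
  if (tenantId) url.searchParams.set('tenantId', tenantId);
  if (idpId) url.searchParams.set('idp_hint', idpId);
  // state ties the callback to this browser session (CSRF protection).
  url.searchParams.set('state', state);
  return url.toString();
}

// Fresh, unguessable state value; store it in the user's session and
// compare it with the state returned on the callback.
function newState() {
  return randomBytes(32).toString('base64url');
}

// Constructed sample values, not taken from the thread.
const sample = {
  baseUrl: 'https://auth.example.com',
  clientId: '00000000-0000-0000-0000-000000000001',
  redirectUri: 'https://dashboard.example.com/oauth/callback',
  tenantId: '00000000-0000-0000-0000-000000000002',
  idpId: '00000000-0000-0000-0000-000000000003',
};

function demo() {
  const link = buildAuthorizeUrl({ ...sample, state: newState() });
  return { link, missing: missingAuthorizeParams(link) };
}
console.log(demo());
```

The redirect_uri passed here is the dashboard's own callback, which must be allowed for the application in FusionAuth; the callback handler should reject any response whose state does not match the stored value.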