Creating a FA browser session after server-sided sign-up
-
Hi, the aim here is to sign a user in automatically after a server-sided signup.
Custom signup forms are used on this project and users are created on the server side. The user clicks to log in, gets redirected to the FusionAuth authentication form, and the aim is to already have an FA session at this moment, so that the user would be logged in instantly (without being asked for credentials).
Does FusionAuth or the OIDC flow offer a way to create a browser session after backend registration? Has anyone implemented something similar?
-
You need to create a session in the code that lives at the redirect_uri endpoint. FusionAuth doesn't do that for you, nor will most OIDC/OAuth servers that I've seen.
You might want to check out this guide which discusses this issue, among others: https://fusionauth.io/docs/v1/tech/guides/single-sign-on
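A sketch of a redirect_uri handler that creates the application's own session, added here as an example; it is not code from this thread or from FusionAuth. It assumes a framework-free handler, a hypothetical injected `exchange_code` callable that performs the token exchange and ID token validation, and a cookie named `app_session`.

```python
import base64, hashlib, hmac, json, secrets, time

SESSION_KEY = secrets.token_bytes(32)  # assumption: per-process key; persist and rotate it in a real deployment

def _tag(body: bytes) -> str:
    return hmac.new(SESSION_KEY, body, hashlib.sha256).hexdigest()

def sign_session(claims: dict) -> str:
    """Serialize the claims and append an HMAC-SHA256 tag; the result is the cookie value."""
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    return f"{body.decode()}.{_tag(body)}"

def read_session(cookie: str, now=None):
    """Return the claims if the tag verifies and the session has not expired, else None."""
    body, _, tag = cookie.rpartition(".")
    if not hmac.compare_digest(tag.encode(), _tag(body.encode()).encode()):
        return None  # tampered or malformed cookie
    claims = json.loads(base64.urlsafe_b64decode(body))
    return claims if claims["exp"] > (now or time.time()) else None

def handle_callback(query: dict, expected_state: str, exchange_code, ttl=3600, now=None):
    """Handle GET redirect_uri?code=...&state=... and return (status, headers).

    expected_state: value stored for this browser before it was redirected to login.
    exchange_code:  hypothetical callable(code) -> dict with at least "sub"; a real one
                    posts the code to the token endpoint and validates the ID token.
    """
    state = query.get("state", "")
    if not expected_state or not hmac.compare_digest(state.encode(), expected_state.encode()):
        return 400, {}  # state mismatch: not the answer to a request this browser started
    if "code" not in query:
        return 400, {}  # error response, or the user cancelled the login
    try:
        identity = exchange_code(query["code"])
    except Exception:
        return 401, {}  # the code was rejected; no session is created
    issued = now or time.time()
    cookie = sign_session({"sub": identity["sub"], "exp": issued + ttl})
    return 302, {"Location": "/",
                 "Set-Cookie": f"app_session={cookie}; HttpOnly; Secure; SameSite=Lax; Path=/"}
```

The cookie set here is the application's session only; it is separate from whatever session the authorization server keeps for its own login page.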
-
@dan it means there are 2 sessions, the session of the application itself and the session of FusionAuth? In the link you sent, if the app session is down, then it redirects to the FusionAuth login page (so far that works), and if the FA session is still up the user doesn't need to log in again (that part does not work, the user needs to log in again, whereas the FusionAuth session is still valid).
-
@dan But is it possible to initiate the FA session?
A custom form is used for registration; it's on a separate page from the actual application (X). Let's say after the registration I get the token from FA on the server side. I can send it back to the client side and save it there. This way, when the user visits the login page, I'm able to send the token to the server and from there to FA for checking.
But what if there's a second separate application (Y)? In this app the user tries to log in and gets redirected to the FA login page. However, he's not recognized by FA here and is asked to enter his password.
I've read and tested your SSO example app, but it doesn't answer my case. Is it possible to make FA recognize the user when he is redirected from application Y after registration in application X's custom form? Thanks