FusionAuth
    • Home
    • Categories
    • Recent
    • Popular
    • Pricing
    • Contact us
    • Docs
    • Login

    OAUTH login pages in React

    Scheduled Pinned Locked Moved
    Q&A
    3
    6
    805
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      admin 1
      last edited by

      Hi there,

      We would like to use our own UI for oauth login as all our styles are in a React App and if we make changes then it is much easier (we tend to make a lot of changes to styling).

      Is it possible to POST to oauth2/authorize/ that redirects to redirect_uri using our own UI and not the templates?

      Best
      Saul

      1 Reply Last reply Reply Quote 0
      • danD
        dan
        last edited by dan

        Posting to /oauth2/authorize when using the Authorization Code grant will take you to the FusionAuth pages. I don't believe there's any way around that, because FusionAuth is the OAuth Authorization server in this scenario (and the Authorization Server should always take the client credentials).

        Alternatives for you to consider:

        • You could generate the theme files using react SSR and upload them using the theme API.
        • You could use the login api and the FusionAuth client directly from your react code.
        • You could look at the password grant, which is not recommended, but would let you post to the /oauth2/token endpoint and get an access token in exchange for credentials.

        Hope this helps.

        --
        FusionAuth - Auth for devs, built by devs.
        https://fusionauth.io

        1 Reply Last reply Reply Quote 0
        • T
          twosevenxyz
          last edited by twosevenxyz

          I hope this isn't being considered as a hijack, but if one were to use option 3 (resource grant), is there a way to pass the IP address of the requester (x-forwarded-for/ipAddress)? The documentation does not discuss this.

          1 Reply Last reply Reply Quote 0
          • danD
            dan
            last edited by

            @twosevenxyz

            I'm not sure what you mean? What part of the system would you like to receive the IP address? Can you explain a bit more?

            --
            FusionAuth - Auth for devs, built by devs.
            https://fusionauth.io

            1 Reply Last reply Reply Quote 0
            • T
              twosevenxyz
              last edited by twosevenxyz

              My understanding is that if I were to use resource-owner-password-credentials grant, then I would be passing client credentials to FusionAuth from my backend. While doing so, I find that all client logins are occurring from the same backend IP address. Is there a way to log the real client IP rather than my backend IP?

              For example, the /api/identity-provider/login endpoint that we use to do social logins allows passing an ipAddress parameter. Is there something similar for the /oauth2/token endpoint?

              1 Reply Last reply Reply Quote 0
              • danD
                dan
                last edited by

                ah, thanks for explaining.

                I can't see any way to do this. The behavior of these grants are outlined in the RFC, so are pretty limited in flexibility. It looks like auth0 allows something similar to this, so I'm guessing it's not against the spec.

                I looked through some code and didn't find support for that. Can you please file an feature request outlining your use case? https://github.com/fusionauth/fusionauth-issues

                --
                FusionAuth - Auth for devs, built by devs.
                https://fusionauth.io

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post