How to open identity provider directly?



  • @robotdan being able to pass an idP hint would be the perfect solution indeed, it would make it able to implement a much more native flow when using devices(or sites for that matter)

    (its kind of the only thing keeping us on keycloak)



  • Ah, great. Please make sure to upvote the issue and/or add a comment voicing your support. In general, here's more information about the FusionAuth roadmap: https://fusionauth.io/community/forum/topic/172/the-fusionauth-roadmap



  • i did, but meanwhile is there any way to force it, in an ugly way even, if pressing the button to the idP takes a user to that provider, there has to be a way to just generate the button's link and redirect the user right away?



  • @robotdan said in How to open identity provider directly?:

    The Lookup API is generally designed for use when you are not going to use the FusionAuth login pages or SSO features.

    Can you try the avenue Daniel mentions? of just not using the FusionAuth login pages at all?



  • @dan i tried using the lookup api, but i have no idea what to input for {domain} i have tried the user email, just the user emails domain but i just keep getting 404, how does that api work?

    I dont understand how i can get the providers on my server by using a users email... that doesnt seem right...

    digging a bit more i did find it, and had to add the domain to... itself?
    anyway, that doesnt directly take the user to the idP either

    892209ef-950b-4d33-ab66-a83414d2c759-image.png



  • I still dont understand where the hurdle is, when the fusionauth page is shown, the buttons obvious have links, how do i generate those links myself? they dont appear magicly and they have a data-identity-provider-id="23d1c45d-83fa-4368-a051-34a2e4cce16b" property, what does that do?

    how can we use

    FusionAuth.IdentityProvider.Helper.captureState({
          identityProviderId:  button.getDataAttribute('identityProviderId')
        });
    

    For our own apps to generate the proper redirect url ?



  • when the fusionauth page is shown, the buttons obvious have links, how do i generate those links myself?

    There's currently no way to programmatically generate all these links. If you are using the OIDC, External JWT or SAML identity providers, you can provide a managed domain list as configured. When a user enters their email address, you can use the lookup API to get the configured authorization_endpoint. This doesn't work with social logins (Google, etc). It's unclear to me which type of federated login you are using, but that's worth noting.

    You can, of course, reverse engineer the fusionauth templates and put your own logic in that code. I believe the identity provider id in the data- corresponds to the id returned when you call the /api/identity-provider API to retrieve all identity providers (docs here: https://fusionauth.io/docs/v1/tech/apis/identity-providers/#retrieve-all-identity-providers). Because this is not a common, supported, documented use case, it's possible, but unlikely, the URLs might change in the future.

    Please feel free to upvote the github issue mentioned further up in this thread or add a new github issue outlining your desired use case.

    Hope this helps.



  • @dan yeah i tried it, but then i get to a point where it keeps throwing the error of no/invalid redirect uri, even though i do have it set in the initial parameters

    It's unclear to me which type of federated login you are using

    I am trying to have my users log in from the react-native app i am building so i can just show them the buttons when they open the app and not have the flow be like:

    user opens app > presses login with.. > gets taken to fusionAuth page and has to press login with... (a second time)



  • user opens app > presses login with.. > gets taken to fusionAuth page and has to press login with... (a second time)

    That makes sense, for sure.

    So when you hardcode the buttons/URLs from the fusionauth page you are getting the "no/invalid redirect uri" error? And you've configured the social login provider with the correct redirect URL?



  • nah, nvm i thought i had a lead with that but reusing that url from the button doesnt work



  • Hmmm.

    Well, coming down the pike in 1.19.0 is a feature that may be of interest to you.

    From the release notes:

    IdP and Email hinting for the FusionAuth login pages. This feature will allow you to optionally bypass the login page and go directly to the third party IdP based upon the user’s email address or a suggested Identity Provider Id.

    I don't know exactly when 1.19.0 will drop, but it'll be soon.




Log in to reply