    Passwordless + OAuth

    • dan

      Is there any way to combine the OAuth authorization code grant with passwordless?

      Basically, we want to drop someone into the authorization code grant but not use the standard FusionAuth passwordless flow.

      Right now if we set up passwordless we see the following:

      1. Generate a passwordless code, send the user an email
      2. The user clicks a link back to /oauth2/passwordless/{code}
      3. We consume the code, call the Passwordless Login API, and if good to go, we treat this as a successful credentialed login and redirect to their redirect_uri with an auth code.

      We'd like to do the same thing but with our SPA using an OIDC library, not with the FusionAuth code.

      Is this possible?

      --
      FusionAuth - Auth for devs, built by devs.
      https://fusionauth.io

      • dan

        This is possible. Doing so allows you to weave passwordless into the normal OAuth flow so you can use standard OAuth libraries but not have your user enter a password.

        1. Start the passwordless login on the server side (using the API).
        2. Get the passwordless code.
        3. Send this URL to the client: [FusionAuthURL]/oauth2/passwordless/[passwordlesscode]?redirect_uri=[redirect URI]&response_type=code&client_id=[client_id].
        4. Have the client request this URL.
        5. It'll be just as if the user had authenticated via the /oauth2/authorize endpoint and the user had entered their credentials. You'll get back an authorization code which can then be exchanged for an access token/JWT.

        --
        FusionAuth - Auth for devs, built by devs.
        https://fusionauth.io
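
The five steps in the answer above, sketched as an added example (not part of the original post and not FusionAuth's own code). It assumes FusionAuth's `POST /api/passwordless/start` endpoint with the API key in the `Authorization` header; the function names, hostnames and redirect allowlist are hypothetical, constructed values.

```javascript
// Added example. Server-side helpers (Node 18+); the API key never reaches the SPA.
// Constructed allowlist: only redirect URIs registered for the application.
const ALLOWED_REDIRECTS = new Set(["https://app.example.com/callback"]);

// Steps 1-2: start the passwordless login through the API and return the code.
// Assumption: POST /api/passwordless/start takes { applicationId, loginId }
// and answers { code }. fetchFn is injectable so the call can be stubbed.
async function startPasswordless(baseUrl, apiKey, applicationId, loginId, fetchFn = fetch) {
  const res = await fetchFn(new URL("/api/passwordless/start", baseUrl), {
    method: "POST",
    headers: { Authorization: apiKey, "Content-Type": "application/json" },
    body: JSON.stringify({ applicationId, loginId }),
  });
  if (!res.ok) throw new Error(`passwordless start failed: ${res.status}`);
  const { code } = await res.json();
  if (typeof code !== "string" || code.length === 0) throw new Error("no code in response");
  return code;
}

// Step 3: build the URL that is handed to the client (shape taken from the post).
// The redirect URI is checked against the allowlist and every value is encoded.
function buildPasswordlessUrl(baseUrl, code, clientId, redirectUri) {
  if (!ALLOWED_REDIRECTS.has(redirectUri)) throw new Error("redirect_uri not allowed");
  const url = new URL(`/oauth2/passwordless/${encodeURIComponent(code)}`, baseUrl);
  url.search = new URLSearchParams({
    redirect_uri: redirectUri,
    response_type: "code",
    client_id: clientId,
  }).toString();
  return url.toString();
}

// Step 5: on the redirect back, accept only the expected callback location
// and return the authorization code for the usual token exchange.
function extractAuthCode(callbackUrl) {
  const url = new URL(callbackUrl);
  if (!ALLOWED_REDIRECTS.has(url.origin + url.pathname)) throw new Error("unexpected callback");
  const error = url.searchParams.get("error");
  if (error) throw new Error(`authorization failed: ${error}`);
  const code = url.searchParams.get("code");
  if (!code) throw new Error("missing authorization code");
  return code;
}
```
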
