    Passwordless login and the OIDC workflow

    • dan

      I have a two-part question about passwordless login.

      I’ve read it’s not advised to start the passwordless process using the API and finish using the OpenID Connect workflow, but I was able to get it to work by setting up the state on the /api/passwordless/start/ with (client_id, redirect_uri, response_type, and scope). It seems to work fine to format a link with that code to /oauth2/passwordless/CODE?tenant_id=X. With that link the login seems to work fine with the OpenID Connect workflow and all the tokens and cookies get set up properly (which is why I’d rather do this vs. validating with the API).

      First question: Am I going to have problems doing it this way? Is there something I’m missing? Why is it not advisable?

      Second question: If I set additional key/value pairs in state in the initial api request, is there any way to get to those after completing the process with OpenID Connect? I’d like to log who initiated the passwordless request through the API, as an example.

      --
      FusionAuth - Auth for devs, built by devs.
      https://fusionauth.io

      • dan

        That should work OK. The only reason not to do it this way is that you’re sort of emulating the OAuth frontend’s usage of this API, which in theory is subject to change.

        Re: state, additional key/value pairs will be stored; however, if our front end is consuming the URL, you won’t have access to the API response, which will contain that state information.

        --
        FusionAuth - Auth for devs, built by devs.
        https://fusionauth.io
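
The flow discussed in this thread, as an added example that is not code from the posts or from FusionAuth: it builds the /api/passwordless/start body with the OAuth parameters in state, formats the /oauth2/passwordless link, and records the initiator at issue time, since the reply notes the state is not readable once the hosted front end consumes the link. The `applicationId`/`loginId` body fields, the use of the application id as `client_id`, the `initiated_by` key, the redirect allow-list and all sample values are assumptions.

```python
import hashlib
from urllib.parse import quote, urlencode

# Constructed allow-list: only redirect URIs registered for the application.
ALLOWED_REDIRECTS = {"https://app.example.com/oauth-callback"}


def build_start_body(application_id, login_id, redirect_uri, initiated_by):
    """Body for POST /api/passwordless/start with the OAuth parameters in state."""
    if redirect_uri not in ALLOWED_REDIRECTS:
        raise ValueError("redirect_uri is not on the allow-list")
    return {
        "applicationId": application_id,
        "loginId": login_id,
        "state": {
            "client_id": application_id,   # assumption: client_id == application id
            "redirect_uri": redirect_uri,
            "response_type": "code",
            "scope": "openid",
            "initiated_by": initiated_by,  # hypothetical extra key/value pair
        },
    }


def build_login_link(base_url, code, tenant_id):
    """Format /oauth2/passwordless/CODE?tenant_id=X with URL-safe encoding."""
    return "%s/oauth2/passwordless/%s?%s" % (
        base_url.rstrip("/"),
        quote(code, safe=""),
        urlencode({"tenant_id": tenant_id}),
    )


def audit_record(code, body):
    """Log who started the request; keep a hash, never the one-time code."""
    return {
        "code_sha256": hashlib.sha256(code.encode()).hexdigest(),
        "login_id": body["loginId"],
        "initiated_by": body["state"]["initiated_by"],
    }


def demo():
    body = build_start_body("app-0000", "user@example.com",
                            "https://app.example.com/oauth-callback", "support-agent-7")
    code = "CONSTRUCTED-code_123"  # stands in for the code returned by the start call
    link = build_login_link("https://auth.example.com/", code, "tenant-0000")
    return link, audit_record(code, body)
```

Writing the audit record when the code is issued keeps the initiator traceable without depending on the state being returned later.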
