I'm wondering if there is a way to start an OIDC login programmatically using the FusionAuth API? I have the OIDC identity provider configured in FusionAuth, see the 'login with' button which works, but would like to simulate a click on that button through a FusionAuth API call. The company that hosts the 'login with' IDP would like to initiate the 'login with' from their side providing a single click login for their users as opposed to a two click approach.
Latest posts made by tim 0
-
Start OIDC flow through FusionAuth API
-
RE: Calling FusionAuth get user API from an OpenID Connect lambda function
I did see and try that work around which led me here. The issue is our users are already present in the fusionAuth DB and creating new users with a unique ID that doesn't match isn't great. Our application required email as user name and we enforce that so when creating new duplicate users the new email would create a conflict in fusionAuth?
The flow I'm trying to achieve is:
- OpenID back and forth
- After call to userInfo check for unique userID in fusionAuth DB
- If userID exists login as that user
- if userID does not exist redirect to application user creation page
-
Calling FusionAuth get user API from an OpenID Connect lambda function
I have a third party OpenID Connect IDP I'm trying to integrate with FusionAuth. The issue is that an email is never provided in the initial JWT or in the subsequent call to the Userinfo endpoint. They do provide a user ID in the initial JWT in the 'sub' claim and in the subsequent Userinfo call. My plan would be to use an OpenId Connect reconcile type lambda like so.
user.userId = jwt.sub;
userObj = API call to fusionAuth passing jwt.sub;
if (userObj == null) redirect to app signup page
else user.email = userObj.email;I'm not sure how to make that call to the fusionAuth API or if it's possible or even if this approach will work.
Thanks for the pointers