@dan Thank you, yes I can use lamba, i did give it a try and it works fine
The authentication type does works too, but maybe more in a "workaround way".
@joshua Thank you for answer
True, it is still possible to handle that logout.
Maybe in future Fusionauth could have an additional and optionnal logout endpoint in IdentityProvider settings ...
I prefer the application not to know much about the IdP, (i.e not calling it directly and not knowing its URLs) and let Fusionauth deal with the authentication/logout workflow.
Tho, I do understand the answer
@paterik4 I think you can specify it in the kickstart when you create it
@paterik4 I think you need to give the application_id instead of the client_id in the registration block
I have a fusionauth configured to use an external identity provider.
My application is logging into fusionauth, which redirect to the identity provider: it works fine.
Now I wonder how should be the logout workflow ?
My application calls the fusionauth logout endpoint and it works fine (my user is logged out from my app and from fusionauth), but the user is still logged into the external identity provider ...
Because otherwise, the user is still logged on
I configured Fusionauth for the authentication on my API, so far working fine.
I linked some external accounts (other Identity Provider) to some Fusionauth users, the authentication works fine as well.
Now i wonder if I can retrieve in a claim of the JWT from which identity provider the user account is linked to ? The authentication is managed by Fusionauth, but is there a way to know if that user has a linked account, just reading the claims of the JWT ? I would like to differentiate FA's user without linked from users with linked account
I set up SSO between 2 applications, and for each i set up their own logout url, and set the Logout behaviour to All applications.
For each application their "own" logout workflow works correctly:
But the other application logout URL is never called, though I set up the logout Behaviour to "All applications"
Do I miss something in the configuration?
Seems like my sso isn't working correctly...
I have 2 .net API
I can successfully log with fusionauth, I get tokens and own cookie. But the SSO seems to be achieved by the common .net cookie, if I delete it I need to relog again, even if fusionauth SSO cookie is still there...