Topics created by tim 0

Hiya,

I think this is what you are looking for:

https://fusionauth.io/docs/v1/tech/apis/identity-providers/openid-connect/#complete-an-openid-connect-login

So you aren't so much starting the OIDC flow as finishing it. This would be if you were building your own login form.

Another alternative that I think does what you want is to provide an idp_hint parameter, which will direct the user right to the correct login form, without requiring an additional click: https://fusionauth.io/docs/v1/tech/identity-providers/#hints On a re-read of your question, I think that's what you're looking for.

If I misunderstand your question, please let me know.

Hiya @tim-0

I'm not sure I understand your flows. It sounds like you want to handle two use cases.

Use case #1 User is not in FusionAuth system, but is in the OIDC system. You want them to authenticate via the OIDC provider. Then they should register with FusionAuth. Then, going forward, they should authenticate against FusionAuth. Or maybe against the OIDC system too? Not clear.

Use case #2 User is in the FusionAuth system. They should still be verified against the OIDC system somehow but then shown a different page, no registration needed? After that, they'll auth against FusionAuth? I'm confused here because I don't know why they'd need to be verified against the OIDC system here.

Maybe it's worth taking a step back and explaining what you are trying to accomplish. Which system is going to be the system of record for the users. The OIDC system or FusionAuth? Do you have multiple applications in FusionAuth and the OIDC system only is used for one of them?

If you could lay out in detail the flow of the different user paths, I might be able to understand things a bit better.

Thanks!