Register A User And Login
This tutorial guides you through the basics of registering users and logging them into Applications using the FusionAuth APIs as well as some alternatives.
Register a User
In order to register a User, you must have first created an Application. A tutorial for creating an application is provided in the Application overview. Once the Application has been created, you are ready to call the API to register a User.
There are two APIs that can be used to create the User and then create a Registration for that User in the Application you create. In most cases you will want to create the User and register them in a single step. This can be accomplished by calling the /api/user/register (combined) API.
However, you can also create the User and then register them for the Application in separate API calls. This method would make use of the /api/user API followed by a call to the /api/user/register (for an existing user) API. We recommend using the single API call, but in some cases, calling the APIs separately is preferred.
You can also allow accounts to be created with self-service registration. With this approach, Fusionauth hosts the registration forms and pages.
Log in a User
Once you have created a User and registered them for an Application, you can authenticate them by calling the Login API. That will return a JWT and other User information as documented.
A user can also log in via the hosted login pages. These use the Authorization Code grant or a SAML flow. FusionAuth owns the user interface for authentication in this scenario.
Should I Use the APIs or the FusionAuth Hosted Login Pages
In general the hosted login pages are recommended. They are customizable and localizable with themes and when used, FusionAuth is the only server side system to see sensitive user information like credentials. In other words, you are delegating authentication and authorization entirely to FusionAuth.
They also include a number of common workflows, including, but not limited to:
- Log in
- Log out
- Forgot password
- Email verification
- Changing a password
- Two factor authentication
- Magic link passwordless authentication
- WebAuthn/passkey passwordless authentication
- Password expired
- Account lockout by administrative decision or failed attempts
- Password validation failed
- Breach password detection
- Federated login with IdPs such as Google and Microsoft Active Directory
- Advanced self service registration forms
- Linking between IdP accounts and FusionAuth accounts
- Multi application logout (OAuth front channel logout)
The reason to use the APIs is to give you full control over the workflow, user experience, and look and feel of your login and registration functionality. Reasons include:
- You don’t want to use a webview for authentication on a mobile application.
- You need a custom user registration flow not supported by FusionAuth, such as directing a user to different registration flows based on their email address.
- You have an existing application that already handles login and you want to continue to use it as the “front door” to your app.