-
What's a good way to generate a URL that would take a user directly to the registration page (bypassing the login page) and with a redirect URL? It's an ASP .NET Core app. Do I need to use an API or is there a more "direct" way?
I feel like this has been asked and answered before but my search fu failed me.
-
Hiya,
I assume you want to use the FusionAuth provided registration page?
I don't believe there's any documentation or API to get this value. If you look at the
OAuth authorizetemplate in your theme (located in the admin UI atSettings -> Themes, around line 82 (in version 1.17.1), you can see how we build that URL:[#if application.registrationConfiguration.enabled] <div class="form-row push-top"> ${theme.message('dont-have-an-account')} [@helpers.link url="register"]${theme.message('create-an-account')}[/@helpers.link] </div> [/#if]The
linkmacro just looks at a number of parameters that are set and appends them on to the/oauth2/registerendpoint. So you'd basically be reverse engineering how that link is built. This would work, but may have issues with future compatibility. We try to keep these links from changing over time, but it's not guaranteed.One alternative is to build your own registration form and then code against the registration/user APIs.
Another one would be to file an issue in https://github.com/fusionauth/fusionauth-issues/issues and explain further what you're looking for. For instance, I think there's a valid case for exposing the URLs of the FusionAuth registration pages (and other pages) as readonly attributes of an application object returned by the Application API, so if that's the case, you could file an issue for that. (That may not be what you are looking for, just me reading between the lines.)
-
PS I'm going to move this to the q&a section.
-
Thanks for opening up the issue @ashok ! https://github.com/FusionAuth/fusionauth-issues/issues/686
Per https://github.com/FusionAuth/fusionauth-issues/issues/686#issuecomment-645110861 you can rely on the params of the registration URL remaining unchanged:
<FusionAuth_BaseURL>/oauth2/register?client_id=<Configured_client_id>&redirect_uri=<Configured_redirect_uri>&response_type=code&state=<Your_CSRF_Token>
Hope that helps.
-
@dan It does! We are trying it out today to see if it works or not. I'll report back. Thank you so much for jumping on it and coming up with a solution.
-
I am a colleague of @ashok and will jump in here. Yes, the registration URL works correctly (with client_id, redirect_uri and response_type on there, we left out the state bit).
One maybe unrelated issue we ran into was that we wanted to add some query string parameters onto the redirect_uri but it appears that it has to match the authorized URIs exactly. Is that accurate? We need some state returned to us.
-
We need some state returned to us.
That's what the state parameter takes care of. You can put what you want in there and it will be returned back after the registration is done.
You can't pass arbitrary parameters or wildcard the redirect_uri. Here's a open feature request for the latter (the former is unlikely to ever be allowed as the parameters are specified by the RFC): https://github.com/FusionAuth/fusionauth-issues/issues/437, feel free to vote for it.
-
What?! The state parameter is for the state?
Thank you for your help, that makes total sense! -
Great. It's typically used for CSRF protection, but can be used for other purposes. Here's a pretty good article covering this.