Implementing SSO with Google and Facebook Without a Hosted Login Page in FusionAuth
-
We want to implement Single Sign-On (SSO) functionality using Google and Facebook logins. Our goal is to replicate the redirect flow typically seen with hosted login pages but bypass the hosted page itself. Specifically, the flow we want is:
- User clicks "Continue with Google" on our site.
- The user authenticates with Google (via redirects involving FusionAuth to exchange the code).
- The user is redirected back to our site (callback URL).
Is there a parameter we can include in the OAuth /authorize GET request or a specific configuration to bypass the hosted login page and directly initiate the Google authentication process?
Currently, our workaround involves appending an arbitrary parameter to the authorize URL. On the hosted page, if this parameter exists, we use JavaScript to auto-click the Google login button; otherwise, we display the normal hosted login page. While this works, it's not ideal, so we wanted to check if there's a better solution.
We’ve looked into the /api/identity-provider/login endpoint, but it doesn’t provide SSO benefits.
-
To achieve this behavior, you can use IdP Hints. IdP Hints allow you to send the user directly to a specific Identity Provider (e.g., Google or Facebook) without stopping at the FusionAuth Hosted Login Page. This approach aligns with the flow you described, bypassing the hosted page entirely.
Steps to Use IdP Hints:
- Append the appropriate IdP hint parameter to the /oauth2/authorize request URL.
- The hint will direct FusionAuth to initiate authentication with the specified IdP immediately, skipping the hosted login page.
Documentation Reference:
By using IdP Hints, you can streamline the login process and eliminate the need for JavaScript-based workarounds on the hosted login page.
-
W wesley has marked this topic as solved on 31 Dec 2024, 20:06