Topics created by Luis B

Hi @luis-b !

I would use step up auth for this situation.

It is documented here: https://fusionauth.io/docs/v1/tech/guides/multi-factor-authentication#step-up-auth

@luis-b said in Login in to the same application from different domains:

While this does not seem unexpected, is undesirable for us at the moment. Is there a way to support independent login for our two domains without creating a new application?

A new application is probably the most straightforward solution here. What you are running into is that FusionAuth sees the user is already logged in in the second case (when you visit with the redirect_uri of test-web-app...) and so doesn't require you to authenticate again.

We often see people use different tenants or even instances for different environments (dev, test, prod) which resolves this issue.

If you see an error message like https://YOURFUSIONAUTHSERVER/en?error=invalid_request&error_reason=missing_code_challenge&[…]The+request+is+missing+a+required+parameter%3A+code_challenge

it is because you have required PKCE for your application, but have not provided those parameters when attempting a login/registration. The links that we autogenerate in the app will not have a code_challenge by design, because those are dynamic for each request.

You can learn more about PKCE and turning it off on the applications core concepts page.