I have auth0 setup to send a Verification Email (using Link) and a redirect URL - http://localhost:3000/app/registration
When I create a user it’s working and they get the email, and it redirects with this URL:
http://localhost:3000/app/registration?supportSignUp=true&supportForgotPassword=true&message=Your%20email%20was%20verified.%20You%20can%20continue%20using%20the%20application.&success=true&code=success#
The problem is: according to this link, it should include the email address of the registered user; however, it is not. Is there a reason for this? If I could simply pass the email, I could make an API call and complete the registration process through the auth0 API.
My intention is to send the user to a special registration page on my single page application site where they can finish the registration process and set their password. Any help with this would be appreciated - thanks!
Related
I'm sure I am missing something here but...
I have an angular application that allows users to fill out forms. The application calls a backend NODEJS service that has a responsibility of building the HTML envelope and document to sign. This back-end service does not have access to a browser.
I have 2 options for flow:
User fills out form -> clicks sign button -> back-end service called to gather the url for the user to redirect to in order to get a code back (consent) -> USER DOES NOT LOGIN TO DOCUSIGN -> redirect back to application -> get token with users code -> prepare envelope on BEHALF of the user -> send application the ceremony URL -> user redirects to ceremony -> signs document -> redirect back to application.
*User fills out form -> clicks sign button -> back-end service called to create envelope and tell DOCUSIGN to send an EMAIL to the user which I don't want to sign up for DOCUSIGN. (Effectively removing the need for them to create an account with DOCUSIGN because I am sending an email and they can authenticate him by knowing he is coming from his own email). -> user signs document through email -> (Would be nice for application to get redirected back to but not necessary)
All examples and chats I have seen discuss only having to login one time. Well in flow 1, I don't want the USER, signing the document, to login or have to make an account for this one signing. And in flow 2, I can't seem to grasp how to keep the back-end service authenticated if it is a BACK-END service. It's headless. No Browser.
These guys are so large that I figure it's something I'm not grasping here.
I understand to impersonate the user, I would need his consent. And possibly... because they don't KNOW the user without him signing up for an account to verify his email, they can't offer consent to a user they can't verify email with. So if that is the case, I would want to authenticate my BACK-END user to send emails so they can just click the email, it MIGHT verify in DOCUSIGN without having to sign up for account, and offer the contract to the user to sign on the spot from the email WITHOUT asking for credentials or NEW account.
If you are going to answer this with a link back to DOCUSIGN authentication examples. Or suggest use a JWT to authenticate from BACK-END services... please explain in detail the steps to authenticate my BACK-END user and keep him authenticated without using a web-browser or how to use the users consent from a redirect from DOCUSIGN without the user having to EVER create an account.
I have tried sending the user to the redirect URL with success if they already have their credentials cached in browser or already have a DOCUSIGN user. The flow works fine there. I get the users code, exchange it for token, create envelope, redirect user to ceremony, redirect back to application after signing complete.
I have read a bunch of articles that all point back to DOCUSIGN help with authenticating 1 of 3 ways with a browser. I need no browser login, or a better understanding of how to avoid the user creating a DOCUSIGN account.
Thank you so much!
Signer, user that signs, does NOT need to have a DocuSign account. They do not need to log in to DocuSign in order to sign. They can sign via email or embedded in your app, but they do NOT need to have an account or log in.
Your app's back end needs an access token to make API calls. This doesn't change the headless nature or the fact that it's back end. A token is a long string that your app uses to authenticate. This authentication is tied to a user in DocuSign that has an account. That is NOT the user that signs, but the user that make the API call. You have to have a user that makes an API call.
You can get a token using JWT authentication and your back end can generate it using the Node.js SDK (npm package) without the need for UI or for anyone to log in.
We are trying FusionAuth & looking to have a single step flow for Sign up + Sign In.
After user signs up, we want to show/land him directly to our application's dashboard page (without showing him login page in between the flow). The authentication should happen but internally i.e we are expecting OAuth2 standard IdToken in response to "WebApplication" so that web application can use IdToken to allow user to application.
Please note that we don't want to use approaches where we need to pass Username/password to our web application, don't want to handle user credentials. Also that we dont want to use Authentication Tokens returned in Registration flow because AuthenticationTokens are not that secure, looking to use OAuth2 based IdToken instead.
I have came across this post "https://fusionauth.io/community/forum/topic/165/taking-a-user-directly-to-the-registration-page/3" and tried following request, but it is showing Login page instead of registration.
/oauth2/register?client_id=<Configured_client_id>&redirect_uri=<Configured_redirect_uri>&response_type=code
(I have not used CSRF parameter though)
Please can you suggest why its showing Login Page?
You should be able to have a user register and be sent directly to your application, as long as you set the correct redirect_uri and put that on the registration URL:
https://local.fusionauth.io/oauth2/register?client_id=c50329fa-93e5-4618-8d9f-73d0ab069a23&response_type=code&redirect_uri=https%3A%2F%2Fapp.example.com%2F
The application will then receive a code that can be exchanged for an access token. You can call the userinfo endpoint with that token and get user information like email address, etc.
What you won't get that it seems like you might want is an id token. For that you'll have to send the user through the login process with a scope of profile. However, you could mind your own 'id token'-lite using the values from the userinfo endpoint and the JWT vending: https://fusionauth.io/docs/v1/tech/apis/jwt/#vend-a-jwt
I have an unconfirmed aws cognito user which did not verify his email during registration process. When he tries to login with following code:
Auth.signIn({
username:email,
password:password,
})
the API returns
'UserNotConfirmedException'
Now at this point the user is unauthenticated, there is no current session or current user. How will this user be able to verify himself and get himself logged in?
'verifyCurrentUserAttribute' and 'resendSignUp' APIs do not work for unauthenticated user.
Please help.
Late response but just saw this: The Auth.resendSignUp(<username>) does not need an authenticated user and is suited for this purpose. It accepts a username parameter as a string and when called will send a new code to the method configured in Cognito.
The right API endpoint for confirming a signup is confirmsignup
see : https://aws-amplify.github.io/amplify-js/api/classes/authclass.html#confirmsignup
This entpoint requires an email address and the code. The user can thereby confirm his signup later with the code he has received.
Using Back&, I'm working on creating the "Custom Verified Email Page" & the "Custom Reset Password Page" to work with my app so that users can verify emails at signup and request password resets via email.
Does anyone have an example of what these pages should be doing? I know the URL receives a token for the transaction but what are we suppose to be doing with it?
Thank you.
You don't have to do anything with it (look under security -> security acctions -> newUserVarification. Backand handles all of it for you. Make sure you specify a Custom Registration Page URL and the Custom Verified Email Page URL. If you don't have the registration url, the link in the email to confirm you as a new user will always send you to a blank page that reads, "SignUp redirect url was not supplied in configuration".
I am getting error while Login with oAuth for Instagram, it says the redirectURI is wrong. I have researched on it and I have checked many answers on stackoverflow but its not helpful for me.
Here is the complete detail of what I did in my application.
1) I set my ClientId in pList for redirect URI :
2) I have added ig and authorize while creating the URI:
3)Now, I set ClientID in Instragram API :
And Here is my RedirectURI :
https://instagram.com/oauth/authorize?response_type=token&redirect_uri=igdd5fb08a33444af0b2b9c9420e69bc35%3A%2F%2Fauthorize&scope=relationships&client_id=dd5fb08a33444af0b2b9c9420e69bc35
When I fire the URl after login, it gives me the following error:
Can anyone help to find out where I am going wrong ?
Thanks,
The redirect URI you're providing is not what you have defined in your client settings.
1) Go to http://instagram.com/developer/clients/manage/
2) For your desired client/application, look for REDIRECT URI.
3) Make sure you provide the same redirect uri in your request as it is defined in your client/application settings. In your case, https://api.instagram.com/oauth/authorize/?response_type=token&redirect_uri=REDIRECT-URI&client_id=CLIENT-ID
Note: You may provide an optional scope parameter to request additional permissions outside of the “basic” permissions scope.
Note: You may provide an optional state parameter to carry through any server-specific state you need to, for example, protect against CSRF issues.
At this point, we present the user with a login screen and then a confirmation screen where they approve your app’s access to his/her Instagram data.
4) Once a user successfully authenticates and authorizes your application, instagram will redirect the user to your redirect_uri with a code parameter that you’ll use to request the access_token like http://your-redirect-uri?code=CODE.
For more information to learn about authentication process [Link]
tl;dr. The Redirect URI you send to /authorized must be same as the registered URI in your app.