On successful password reset user stays on success status page - fusionauth

On successfull reset of the password from the forgot password email link, user stays at the success status screen.
On successfull password reset, I would like to redirect the user to the fusion auth login page or to my application. One way I am thinking is to write some custom javascript to automatically redirect the user but the challenge is we have 3 applications under a tenant and theme templates are specific to the tenant, how would be I able to differentiate the redirect url?

Related

Velusia Sample - Redirect after Registration

In the sample "Velusia" provided here Github OpenIdDict-Samples, upon most of the action the user is redirected back to the client, however upon the registration, the user is sent to the server 'home/index' page. How can I make it send a user same as the login action, back to the client?
We do have the ability to specify the SignOut redirect uri, however there is no visible option for Sign In
I could as well add in a home controller for index view a redirect to my app, however i would loose the uri I started with and would have to probably redo the request

Auth0: Add login_hint query param to redirect URL after password change

Is there a way to add the login_hint query params along with iss query params in URL received after password-change?
Detail Use case: A password change ticket email will be sent to the user. The user clicks on the change password URL, and changes the password. Then after the successful message, the user clicks on the back to button. The user is redirected to the auth0 login page via redirection from the app. On reaching the app (redirect URL), only the iss query param is appended in the URL. Is there a way to append login_hint query params too? So that the /authorize endpoint hit via the app will automatically append login_hint and the email field will get auto-populated?

Keycloak: Disable redirect to account page after password reset and show message

I am using Keycloak and I want to enable Forgot password flow. I have enabled Forgot password in login and configured SMTP to send email.
What I get out of the box from keycloak is the following
-> Click on Forgot password link -> Enter username or email -> User receives an Email with reset link -> Click on the link -> Reset password, then submit -> User is logged in then The user is redirected to account page.
What I want to acheive is the following
-> Click on Forgot password link -> Enter username or email -> User receives an Email with reset link -> Click on the link -> Reset password, then submit -> Display a message saying "Your password has been updated." and do not login the user. stay on that page.
The reason for this is, for my use-case, the user shouldn't access the account page on Keycloak.
In the authentication flow of reset credentials, I can only configure up to reset credentials.
Is there any way I can disable this action of logging in the user automatically after password reset, then redirecting to account page?
I have looked into several questions, but I cannot find an answer on how this can be achieved.
PS: I am using Keycloak docker image with a custom theme. If this can be configured using custom theme options, I have the chance to do it.
Thank you in advance.
Go to your keaycloak admin console, Authentication and desable "Update Profile"
Hopo it helps :)
We faced similar issue during keycloak usage and solved it via implementing custom Action Token and Action token handler (docs). Also check out original keycloak reset credentials action token sources:
ActionToken
ActionTokenHandler
Try to play around AbstractActionTokenHander.startFreshAuthenticationSession() there several attributes that define Keycloak behaviour during reset flow like:
authSession.setRedirectUri(token.getNote(OIDCLoginProtocol.REDIRECT_URI_PARAM));
authSession.setAuthNote(AuthenticationManager.END_AFTER_REQUIRED_ACTIONS, "true");
authSession.setAuthNote(AuthenticationManager.SET_REDIRECT_URI_AFTER_REQUIRED_ACTIONS, "true");
authSession.setAuthNote(AuthenticationManager.END_AFTER_REQUIRED_ACTIONS, "true");
If you're using your own client for the login page, the specified redirect, or the client default (Base URL) will direct where the user is sent after the password reset.
We did see that when using an admin-directed password reset, this behavior would occur (user sent to Keycloak account page). So, we simply adjusted the Base URL value for the account client so that it points to the home page of our primarily application.
Then, after the account client is used to reset the password, the default redirect is to our home page.

IndetityServer3 - redirect to consent page in infinite loop

It's the Identity Server 3 Standalone Implementation Part 3 by scott Brady
When I run my hybridflow client application and login ,the consent page shows.
But after I confirm my choices about the scope and click "yes,allow" button,the page redirect to consent page.
It's the network preserve log image.
enter image description here
It's the final Http RequestURL and Its Response is the consent page.
https://localhost:44302/core/connect/authorize?client_id=hybridclient&redirect_uri=https%3a%2f%2flocalhost%3a44304&response_mode=form_post&response_type=code+id_token+token&scope=openid+profile+email+roles+offline_access&state=OpenIdConnect.AuthenticationProperties%3dGIPazkL_z51B5u_wmtKMsauUJ34gMgYgAYukTOJgcMWmtASfBx-77WQfQAeTcMuAonf8NHohQTkf6gTmZIWKqBPnw3vjEf27KXPcD-q6xoDssEPwjcq_DtRck3TysSUmvF3PmqRzV2Prcukj8OJdRTOGBRUFBwXbf2_-low93P9joO_WqzC-a6M_nTG1JVy9AWUEaVPvPt1NdNU5Wwgq6A&nonce=636184232732125913.OGEyYzY4ODItYThjNi00ZDI1LWIxNDMtMTc2ZjUyNTNlYWM1MzI1ZjY2YjktMjg2MS00NDBkLTg4MDQtNDBkNzJjZWIyNTVm
Looks like the returnUrl is always pointing at your singin page, which seems to always redirect to IdentityServer. Debug thru your code and you'll see where you re-enter your signin, even after the user has been logged in.

Facebook Redirect url to "https://www.facebook.com/dialog/oauth/read" with no access token

I have set a web browser control in winform and navigate to the following url-
https://www.facebook.com/dialog/oauth?client_id=xxxxxxxxxxxxx&redirect_uri=https://www.facebook.com/connect/login_success.html&display=popup&scope=publish_stream,user_status&response_type=token
It show the login dialog box. After enter username and password facebook redirect to following
url-
https://www.facebook.com/login.php?skip_api_login=1&api_key=xxxxxxxx&signed_next=1&next=https://www.facebook.com/dialog/oauth?redirect_uri=https%253A%252F%252Fwww.facebook.com%252Fconnect%252Flogin_success.html&display=popup&scope=publish_stream%252Cuser_status&response_type=token&client_id=xxxxxxxxxx&ret=login&cancel_uri=https://www.facebook.com/connect/login_success.html?error=access_denied&error_code=200&error_description=Permissions+error&error_reason=user_denied%23_=_&display=popup
and display a message with two button called "okay" & "cancel"
xyourappxxxx would like to access your public profile, friend list and status updates.
if i click on "Okay" button this will redirect to following page with the msg of--
page---https://www.facebook.com/dialog/oauth/read
message---Success SECURITY WARNING: Please treat the URL above as you
would your password and do not share it with anyone.
application type: Native/desktop
App secret in client: no
Client OAuth Login: enbl
Embedded browser OAuth Login: enbl
Sandbox mod: ON
Problem is after authorization facebook not redirect to my redirect_uri and not getting any access token.
I am using vb.net 2008 express
thanks
I might be mis-understanding your question/issue, apologies if so..
in your first line.. you have the redirect_uri set to just go back to facebook, whereas it's supposed to be the URI of the page on your site that you want facebook to send the user to after they authenticate and approve your app, no?
in other words shouldnt your first line be:
https://www.facebook.com/dialog/oauth?client_id=xxxxxxxxxxxxx&redirect_uri=**https://WWW.YOURDOMAIN.COM/YOURPAGE.ASPX**&display=popup&scope=publish_stream,user_status&response_type=token
after the user clicks "okay" on the popup, it will then redirect them to YOURPAGE.ASPX on your site, passing the access_token