You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
User signs up for the first time. Alternatively, user completes the forgot password form.
User receives a verification email.
User clicks on link in verification email.
At the moment, the user is automatically signed in.
This is based on the fact the the user has entered a password in step number 1. However, the user hasn't actually signed in with this new password. Therefore, we expect to at least have the option to redirect the user back to the sign in page to force them to sign in.
Please give us a thumbs up or thumbs down as a reaction to help us prioritize this feature. Feel free to comment if you have a particular need or comment on how this feature should work.
The text was updated successfully, but these errors were encountered:
Would you expect to be this to be new default behavior, or a configuration on the tenant (across all applications) or on a given application (a certain client_id)? Which would meet your needs best?
Would you expect to be able to provide an arbitrary sign in page or only have the user sent back to the login page?
Would you expect the redirect_uri (from the initial registration or forgot password flow) to be carried through (so that on the second login, the user is sent to the page they were originally trying to get to)?
Thanks for getting back to me. My answers are inline below.
- Would you expect to be this to be new default behavior, or a
configuration on the tenant (across all applications) or on a given
application (a certain client_id)? Which would meet your needs best?
It should be configurable. Per tenant will probably be good enough.
- Would you expect to be able to provide an arbitrary sign in page or
only have the user sent back to the login page?
Just sent back to the login page.
- Would you expect the redirect_uri (from the initial registration or
forgot password flow) to be carried through (so that on the second login,
the user is sent to the page they were originally trying to get to)?
Yes, I would expect the redirect uri to be carried through.
Consider the following flow:
At the moment, the user is automatically signed in.
This is based on the fact the the user has entered a password in step number 1. However, the user hasn't actually signed in with this new password. Therefore, we expect to at least have the option to redirect the user back to the sign in page to force them to sign in.
Community guidelines
All issues filed in this repository must abide by the FusionAuth community guidelines.
How to vote
Please give us a thumbs up or thumbs down as a reaction to help us prioritize this feature. Feel free to comment if you have a particular need or comment on how this feature should work.
The text was updated successfully, but these errors were encountered: