forked from FusionAuth/fusionauth-site
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
add new emailVerifiedClaim to ExternalJWT and OpenID Connect.
Showing 3 changed files with 44 additions and 13 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,10 +1,12 @@ | ||
When developing against a FusionAuth Cloud instance with a `.fusionauth.io` address, unless your application also lives at a `.fusionauth.io` address, you'll receive a `403` response code. The hosted backend does not work across origins. This occurs whenever FusionAuth is hosted on a different domain from the application accessing the hosted backend. | ||
When developing against a FusionAuth Cloud instance using an apex domain of `fusionauth.io` address, unless your application shares the same domain of `fusionauth.io` attempts to use these endpoints will fail with a `403` status code. | ||
|
||
To work around this, you can: | ||
These endpoints will not work correctly for cross origin requests. Cross origin requests occur when the application making the request to FusionAuth is using a separate domain. For example, if your application URL is `app.acme.com` and the FusionAuth URL is `acme.fusionauth.io` requests from your application to FusionAuth will be considered cross origin. | ||
|
||
* develop using a local FusionAuth instance, so both your webapp and FusionAuth are running on `localhost`. | ||
* set up a lightweight proxy to ensure both servers are the same domain. | ||
* stand up a barebones backend with a more liberal cookie policy: [here's an example](https://github.com/FusionAuth/fusionauth-example-react-sdk/tree/main/server). | ||
* set up a [custom domain name for the FusionAuth Cloud instance](/docs/get-started/run-in-the-cloud/cloud#updating-with-existing-custom-domains) (limited to certain plans). | ||
If at all possible you should plan to access FusionAuth and your application in the same domain. If this is not possible, you may use one of these alternative methods: | ||
|
||
Modifying FusionAuth CORS configuration options will not fix this issue. | ||
* Develop using a local FusionAuth instance, so both your webapp and FusionAuth are running on `localhost`. | ||
* Use a proxy to rewrite the requests to utilize the same domain. | ||
* Do not use the the FusionAuth hosted backend, and instead write your own backend with a cross origin cookie policy: [here's an example](https://github.com/FusionAuth/fusionauth-example-react-sdk/tree/main/server). | ||
* Configure a [custom domain name for the FusionAuth Cloud instance](/docs/get-started/run-in-the-cloud/cloud#updating-with-existing-custom-domains) (limited to certain plans). | ||
|
||
Modifying FusionAuth CORS configuration options will not fix this issue because the cookies that FusionAuth writes will not be accessible cross domain. |
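Review bot: The new opening paragraph says "attempts to use these endpoints will fail" but nothing before it in this file names the endpoints, whereas the line it replaces named "The hosted backend"; name the hosted backend endpoints in that first sentence so the file reads on its own. The same sentence needs a comma after the second `fusionauth.io`, and "using an apex domain of `fusionauth.io` address" would read better as "on a `fusionauth.io` domain". The second paragraph defines cross origin as "using a separate domain", but an origin also includes scheme and port, and the first workaround (both on `localhost`) typically runs the two on different ports, so it is cross origin by the strict definition yet presented as working. Since the closing line attributes the failure to cookies not being accessible cross domain, "cross domain" or "cross-site" would be the consistent term throughout. In the third bullet, "the the FusionAuth hosted backend" has a doubled word, and "a cross origin cookie policy" should say which cookie settings the custom backend relaxes so readers know what they are loosening. The commit message mentions only `emailVerifiedClaim`, which this hunk does not touch; consider noting the docs rewording in the message or splitting it into its own commit.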