Allow for programmatic creation/management of FusionAuth SSO session

[mooreds]

Allow for programmatic creation/management of FusionAuth SSO session

This was created based on a customer request.

Problem

I want to create a user via the registration API, rather than self registration. I don't want to have them have to log in via the hosted login pages. But I want SSO to work after they register.

This also applies when I have one application that I want to log the user in using the Login API, but want the ability to SSO into other applications using the authorization code grant.

Solution

Add the ability to create a valid SSO session in FusionAuth. This would probably entail:

• The ability to create, update and delete an SSO session.
• Document the format of the SSO cookie that would have to be set.
• I'm sure there's other stuff.

Alternatives/workarounds

Can't think of a way to work around this in the current FusionAuth feature set.

Additional context

Session definition: https://fusionauth.io/docs/v1/tech/core-concepts/users/#user-sessions

Hosted login pages: https://fusionauth.io/docs/v1/tech/core-concepts/integration-points/#hosted-login-pages

Related issues

• Add ability to manage refresh tokens via API #1850
• Support account self service pages without using SSO session #1860
• Add the SSO cookie value into the Login API response #2588

Community guidelines

All issues filed in this repository must abide by the FusionAuth community guidelines.

How to vote

Please give us a thumbs up or thumbs down as a reaction to help us prioritize this feature. Feel free to comment if you have a particular need or comment on how this feature should work.

[davidb-e4s]

Do we have a time frame on this? It's quite an important feature that we need.

[mooreds]

@davidb-e4s No time frame right now. Thanks for upvoting the issue, though!

Here's our general roadmap guidance: https://fusionauth.io/docs/v1/tech/core-concepts/roadmap

[cnguyen2010]

Upvoting this via a comment on my end. Being able to manage SSO sessions would be useful for our use cases as well

[mooreds]

@cnguyen2010 please also click the 'thumbup' reacji on the issue (bottom left corner). You can actually sort GH issues by number of upvotes, which we do when considering future work.

[samuelopa]

I have been working with fusionAuth for few months now. This is really important

[mooreds]

@samuelopa Thanks for your feedback. If you care to share any specifics about your use case, that would be helpful. In addition, please make sure you upvote the issue. (You might have already, and if so, I apologize. The GH interface makes it hard to tell.)

[robotdan]

We should probably close this and mark as will be tracked via #2975 or close #2975 as will be solved here.

In practice we aren't going to allow the SSO session to be created via API, but we could allow a JWT produced by another login workflow to be bootstrap the SSO session.