IFRAME Support with Hosted Pages

[LucasPMorris]

IFRAME Support

Since 1.50.0, with the inclusion of the consent page, hosted login is not possible with an iframe because cookies set at the /oauth2/authorize endpoint are not present when the iframe is redirected back to the consent page.

Solution Develop a mechanism that allows FusionAuth hosted pages to function as expected within an iframe.

Alternatives/workarounds One can also call oauth2/authorize in a separate browsing tab and embedding required data into the state parameter of the oauth2/authorize uri. With the callback the information in that state parameter can be retrieved. This works but requires embedding code before calling oauth2/authorize and in the callback webpage. Which is not as clean as plug and play if FusionAuth customers implement FusionAuth login on their clients web pages/webapps.

Internal Request: 76950

[jobannon]

Additional context, linking release notes https://fusionauth.io/docs/release-notes/#version-1-50-0

[robotdan]

We may need to add detail to understand the specific request. We do support the use of IFRAMEs.

If you are using IFRAMEs cross origin, this will be a problem, and is not likely solvable.

Is there a specific customer request and high design we can attach to this request to better understand what isn't working, and what is being requested?