Overview

You can use the Login API to build your own login experiences. This is useful when the standard hosted login pages workflow does not work for you.

Examples of why this might be the case:

  • You are building a mobile application and do not want to use the system browser, however styled, to capture login information.
  • You have a single-page application (SPA) and don’t want to redirect your users over to FusionAuth’s login pages.
  • You need a login workflow that doesn’t follow the standard FusionAuth workflow. For example, capturing a user’s login identifier, followed by prompting them for additional profile information, then sending them a code, and finally asking for a password.
  • You have a SPA and a predefined set of components, so theming won’t work.

Using The Login API Directly

You can use the Login API to sign in your users directly. In this case, you will likely use one of the FusionAuth client libraries.

When a user signs in with this API, you receive the entire user object, as well as the JWT.

When you build on top of the Login API, you’re responsible for building the user interface for all login use cases. This also gives you more control. You can still use other FusionAuth-provided user interfaces for use cases such as the forgot password flow.

When you use the Login API, your application sees sensitive user credentials, so you’ll need to ensure the application secures such data appropriately. This is in contrast with the OAuth grants, where only the identity provider has access to the credentials, and your application only sees tokens.

Limitations

The Login API does not accept the OAuth scope parameter because it is not part of an OAuth workflow. If your application requires the OAuth scope parameter to be present in the JWT, it can be added with the JWT Populate lambda.

You’re responsible for building the user interface to prompt users for consent to the requested scopes and capturing their response.
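
One way to write the JWT Populate lambda described above so that the scope claim only ever reflects consent your own user interface captured. This is an added example, not FusionAuth's code; the registration.data.consentedScopes key and the scope names are assumptions made for illustration.

```javascript
// Added example: body of a JWT Populate lambda.
// Assumption: your own consent UI stored the scopes the user approved in
// registration.data.consentedScopes (a hypothetical key in the free-form
// registration data object) as an array of strings.

// Scopes this application may ever place in a token (constructed sample values).
var ALLOWED_SCOPES = ['profile:read', 'orders:read', 'orders:write'];

function populate(jwt, user, registration) {
  // Guard against a missing registration or data object: no record of
  // consent means no scopes are granted.
  var consented = [];
  if (registration && registration.data &&
      Array.isArray(registration.data.consentedScopes)) {
    consented = registration.data.consentedScopes;
  }

  // Grant only values that are both consented to and on the allow-list,
  // so a tampered or stale consent record cannot introduce a new scope.
  var granted = [];
  for (var i = 0; i < ALLOWED_SCOPES.length; i++) {
    if (consented.indexOf(ALLOWED_SCOPES[i]) !== -1) {
      granted.push(ALLOWED_SCOPES[i]);
    }
  }

  // Space-delimited string, the form OAuth uses for scope (RFC 6749, 3.3).
  if (granted.length > 0) {
    jwt.scope = granted.join(' ');
  } else {
    // Never leave a pre-existing scope claim in place without consent.
    delete jwt.scope;
  }
}
```

Services that consume the JWT should still verify its signature before trusting the scope claim.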