Overview
FusionAuth is a developer-focused authentication and customer identity platform that organizations deploy either on-premises or in the cloud. Its client-side scripts appear on websites when FusionAuth is used to power login flows, user registration, OAuth consent screens, and multi-factor authentication. Unlike third-party identity providers that operate on separate domains, FusionAuth is typically self-hosted, meaning its scripts may load from the operator's own infrastructure.
What This Script Does
FusionAuth's browser-side scripts manage the complete authentication user experience. They render login and registration forms, handle OAuth and OpenID Connect (OIDC) authorization flows, and manage session tokens for authenticated users. Session state is maintained through cookies: typically a session identifier cookie and potentially an OIDC state parameter cookie used during the authorization code flow. These cookies are essential to the authentication process; without them, users cannot log in or maintain authenticated sessions. Scripts communicate with FusionAuth's API endpoints (hosted either on FusionAuth's cloud at fusionauth.io or at self-hosted URLs) to validate credentials, exchange authorization codes for tokens, and manage the refresh token lifecycle. No behavioral tracking or advertising data collection occurs through these scripts. The data transmitted is limited to authentication credentials, session identifiers, and user profile data necessary for identity management.
Consent & Compliance
FusionAuth falls into the essential and functional consent categories. Session cookies set by authentication scripts are strictly necessary for the service to function: a user cannot be logged in without a session identifier. Under the ePrivacy Directive, which applies alongside GDPR, strictly necessary cookies do not require user consent. However, FusionAuth as an identity provider does process personal data (usernames, email addresses, authentication logs) on behalf of the site operator, making the operator a data controller and FusionAuth a data processor. A Data Processing Agreement (DPA) should be in place. For self-hosted deployments within the EU, data residency concerns are straightforward. For FusionAuth's cloud offering (US-hosted), EU-US data transfers require reliance on Standard Contractual Clauses (SCCs) or the EU-US Data Privacy Framework. Under CCPA/CPRA, authentication data is personal information, but its processing for the purpose of enabling login is a service delivery function rather than sale or behavioral advertising.
Should You Block This Without Consent?
No. FusionAuth scripts perform authentication and session management, processing that is strictly necessary for users to access the service. Blocking these scripts prior to consent would prevent users from logging in. No consent is required to load authentication scripts under either GDPR/ePrivacy or CCPA frameworks.
Tracked Domains (1)
fusionauth.com (Essential)
Frequently Asked Questions
Do I need consent to use FusionAuth on my website?
No, not for authentication. FusionAuth scripts handle login flows, OAuth, OIDC session management, and registration. Session cookies are strictly necessary to maintain authenticated state and fall under the essential category exempt from consent requirements under GDPR and CCPA.
What cookies does FusionAuth set?
FusionAuth sets session cookies to maintain authenticated user state across page loads. These cookies store encrypted session tokens and expire when the browser session ends or after a configured timeout. They are required for login functionality to operate correctly.
How does ConsentStack handle FusionAuth authentication scripts?
ConsentStack classifies FusionAuth as an essential vendor. Authentication session management is a strictly necessary function, so ConsentStack allows FusionAuth scripts and cookies to load without user consent and excludes them from consent-gated blocking rules.