In my post-login action, I need to redirect users to a portal that updates some info. The portal takes a token which itself has a redirect for its callback. I need to be able to include the State param in the redirect url in the token, but I’m not sure how to access it in the Post Login Action.
EG 1 User logs in via universal login
2 Post login script redirects user to 3rd Party Portal (using sendUserTo(<3rdPartyUrl>)). In my case, the 3rdParyUrl has a custom token that includes a callback url (It will be like: https://myAuth0Site.com/continue?state=[state])
3 User is redirected back to auth0 where action continues after verifying state
In step 2, how do I determine the state param that will be used by AuthO?
I cannot tell from the docs how to access that value or if that’s even possible
The state parameter you need to use to pass back to the /continue endpoint should match the same state used in your initial login request (/authorize).
When you call the api.redirect.sendUserTo method, you do not need to append the state value yourself because Auth0 will redirect the user to the URL you specified and pass the state parameter in that URL. (Reference: Redirect with Actions)
Afterward, you can send the user back to the /continue endpoint with the state parameter to resume the authentication transaction.
Thanks, Rueben. I get what you’re saying, but the problem is that the 3rd party service will send the user to whatever callback URL I include in their token. So when you say:
" Afterward, you can send the user back to the /continue endpoint with the state parameter to resume the authentication transaction." To send the user back, I need to include the callback url in the original token (I don’t have control of this third party server). So I need to embed the /continue endpoint in the token I’m sending to that server as the callbak url with the state param attached to it. Does that make sense?
I’m currently toying with a proxy service (that I would have full control over) that would handle the redirect, returning to /continue with the state param. Is that my only option, or is there some way to access the state param from the action?
Also, the state param passed from the service provider to the /Authorize endpoint is not the same as the state param that Auth0 attaches to the redirect url in a post-login action. It does eventually go back to the SP, in the final redirect after the post - login action completes, but the state param between SendUserTo() and /continue is a auth0 generated thing.