Append query param to an existing /authorize transaction

mamacdon · February 25, 2021, 2:06pm

I have a hosted login page that offers the user a choice between signup and login experiences. I want the user’s choice (signup or login) to end up in the context.request.query object of my Auth0 Rule, so I can use it to enrich the token, as explained here.

However, Auth0 seems to ignore any changes to query parameters that occur after the initial /authorize transaction starts. For example, suppose my app constructs this URL:

https://my-tenant.auth0.com/authorize?state=s&client=c&redirect_uri=r&protocol=oauth2&response_type=code&response_mode=query

If I then append &choice=signup, it is ignored. It seems that the oauth params are “fixed” when the state is set, and cannot be changed afterward.

Is there any way to do this? Essentially what I’m asking for is a way to append extra params to an authorize transaction that’s already been created.

nicolas_sabena · February 27, 2021, 7:19pm

Hi @mamacdon
There’s no way to pass data from the hosted login page to a rule. context.request.query sees only the parameters included in the original /authorize request initiated in the app.

If you are trying to check if the user has just signed up, maybe there are other approaches you can take, like check for a metadata flag in the rule. E.g.

if (user.app_metadata && user.app_metadata.first_login_processed) {
  return callback(null, user, context);
}
// this is the first time we see the user (signup)
// do something
[...]
// and set the user's app_metadata.login_processed = true, so that
// this won't execute next time
[...]

Hope this helps!

konrad.sopala · March 1, 2021, 7:49am

Thanks for helping on this one Nico!

system · March 16, 2021, 7:49am

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.