@auth0/nextjs-auth0 not sending all authorizationParams to Auth0

azc · January 3, 2024, 6:21pm

Hi,

I want to use an “invite code” to allow users to signup to my application as long as they have an invite code.

I am using @auth0/nextjs-auth0 package, and in my [...auth0].ts file I’m overriding the handleAuth function like so:


export default handleAuth({
  callback: async (req: NextApiRequest, res: NextApiResponse) => {
    try {
      await handleCallback(req, res, { afterCallback });
    } catch (error: any) {
      res.status(error.status || 500).end();
    }
  },
  login: async (req, res) => {
    try {
      const cookies = parse(req.headers.cookie ?? "");
      const { inviteCode } = req.query;

      await handleLogin(req, res, {
        returnTo: req.cookies.returnTo
          ? req.cookies.returnTo
          : process.env.AUTH0_BASE_URL,
        authorizationParams: {
          screen_hint: "signup",
          response_type: "code",
          scope: `openid profile email invite:${req.cookies.inviteCode}`,
          inviteCode: inviteCode,
        },
      });
    } catch (error: any) {
      res.status(error.status || 500).end();
    }
  },
});

I have a problem with handleLogin because I’m expecting to see the inviteCode param in my Action/Hook, but that information never actually gets over to Auth0 Actions or Hooks.

I have a workaround by adding the inviteCode to the scope property, which I know I shouldn’t be using for that purpose, but that’s the only property that I can mutate, and I can send the invite code.

Am I doing something wrong, or is there something wrong with the package? or is this not the appropriate flow to use?

Thanks

pratyush.pandey · January 5, 2024, 9:21am

Based on your code, it seems that you are passing the inviteCode as a query parameter in the authorizationParams object. However, query parameters are not passed to Auth0 Actions or Hooks by default.

To pass the inviteCode to Auth0 Actions or Hooks, you can consider using the state parameter instead. The state parameter allows you to include additional information that will be returned to your application after authentication.

Here’s an example of how you can modify your code to use the state parameter:

login: async (req, res) => {
  try {
    const cookies = parse(req.headers.cookie ?? "");
    const { inviteCode } = req.query;

    await handleLogin(req, res, {
      returnTo: req.cookies.returnTo
        ? req.cookies.returnTo
        : process.env.AUTH0_BASE_URL,
      authorizationParams: {
        screen_hint: "signup",
        response_type: "code",
        state: JSON.stringify({ inviteCode }), // Pass inviteCode in the state parameter
      },
    });
  } catch (error: any) {
    res.status(error.status || 500).end();
  }
},

Then, in your Auth0 Actions or Hooks, you can access the inviteCode from the state parameter. Make sure to parse the JSON string back into an object.

By using the state parameter, you can pass the inviteCode securely and correctly to Auth0 Actions or Hooks without relying on the scope parameter.

Topic		Replies	Views
How to Use handleLogin with @auth0/nextjs-auth0 in Next.js Help management-api , clients	0	3363	September 22, 2023
Passing query params with auth0-next js? Help auth0 , api , javascript , nextjs	2	3611	June 28, 2022
Next.js auth0 - API handler that gets your straight to signup? Help	3	3472	May 22, 2021
NextJS-Auth0 handleAuth custom error handling Help	8	5296	May 15, 2024
Social Sign Up and Sign In (nextjs auth0) Help jwt , auth0 , api , login , access-token	5	2652	August 20, 2021

@auth0/nextjs-auth0 not sending all authorizationParams to Auth0

Related topics