@auth0/nextjs-auth0 not sending all authorizationParams to Auth0

azc · January 3, 2024, 6:21pm

Hi,

I want to use an “invite code” to allow users to signup to my application as long as they have an invite code.

I am using @auth0/nextjs-auth0 package, and in my [...auth0].ts file I’m overriding the handleAuth function like so:


export default handleAuth({
  callback: async (req: NextApiRequest, res: NextApiResponse) => {
    try {
      await handleCallback(req, res, { afterCallback });
    } catch (error: any) {
      res.status(error.status || 500).end();
    }
  },
  login: async (req, res) => {
    try {
      const cookies = parse(req.headers.cookie ?? "");
      const { inviteCode } = req.query;

      await handleLogin(req, res, {
        returnTo: req.cookies.returnTo
          ? req.cookies.returnTo
          : process.env.AUTH0_BASE_URL,
        authorizationParams: {
          screen_hint: "signup",
          response_type: "code",
          scope: `openid profile email invite:${req.cookies.inviteCode}`,
          inviteCode: inviteCode,
        },
      });
    } catch (error: any) {
      res.status(error.status || 500).end();
    }
  },
});

I have a problem with handleLogin because I’m expecting to see the inviteCode param in my Action/Hook, but that information never actually gets over to Auth0 Actions or Hooks.

I have a workaround by adding the inviteCode to the scope property, which I know I shouldn’t be using for that purpose, but that’s the only property that I can mutate, and I can send the invite code.

Am I doing something wrong, or is there something wrong with the package? or is this not the appropriate flow to use?

Thanks

pratyush.pandey · January 5, 2024, 9:21am

Based on your code, it seems that you are passing the inviteCode as a query parameter in the authorizationParams object. However, query parameters are not passed to Auth0 Actions or Hooks by default.

To pass the inviteCode to Auth0 Actions or Hooks, you can consider using the state parameter instead. The state parameter allows you to include additional information that will be returned to your application after authentication.

Here’s an example of how you can modify your code to use the state parameter:

login: async (req, res) => {
  try {
    const cookies = parse(req.headers.cookie ?? "");
    const { inviteCode } = req.query;

    await handleLogin(req, res, {
      returnTo: req.cookies.returnTo
        ? req.cookies.returnTo
        : process.env.AUTH0_BASE_URL,
      authorizationParams: {
        screen_hint: "signup",
        response_type: "code",
        state: JSON.stringify({ inviteCode }), // Pass inviteCode in the state parameter
      },
    });
  } catch (error: any) {
    res.status(error.status || 500).end();
  }
},

Then, in your Auth0 Actions or Hooks, you can access the inviteCode from the state parameter. Make sure to parse the JSON string back into an object.

By using the state parameter, you can pass the inviteCode securely and correctly to Auth0 Actions or Hooks without relying on the scope parameter.

Topic		Replies	Views
NextJS-Auth0 handleAuth custom error handling Help	8	5231	May 15, 2024
Nextjs add dinamicly authorizationParams Help login-experience , new-universal-login-experience	0	152	May 14, 2024
Passing custom parameters with auth0.js authorize Help login-experience , new-universal-login-experience	2	1509	May 31, 2024
Handle Email Verification Check with Next.js Help auth0 , api , login , verification-email , nextjs	0	3646	November 28, 2021
Organisation Member Invitation flow results in state mismatch Help auth0 , nextjs , organizations	4	3669	December 5, 2022

@auth0/nextjs-auth0 not sending all authorizationParams to Auth0

Related Topics