At this time due to the current way Auth0.js v8 works any parameters sent to the hosted login page will end up being converted to
snake_case (and number are considered as an independent term so
param1 will be seen as
param_1 in the rule). The reason for this is that Auth0.js v8 performs the snake case of any additional parameters by default which would not be so unexpected if you also used Auth0.js to initiate the original request to
/authorize (calling the
webAuth0.authorize method would send the parameter already in snake case).
However, if you manually navigate to
/authorize?param1=true the parameter will end up being changed during the additional processing required to complete the authentication due to a side-effect of using Lock (it uses Auth0.js indirectly) or Auth0.js within the HLP itself.
Given that changing this would be a possible breaking change to existing code that may already accommodated to the current behavior we are not considering any change to this behavior within the Auth0.js v8 scope. However, this is something that will be reviewed in the next major version; thanks for bringing this to our attention.