Authorization code within Rules

Hello, upon successful authorization I am being redirected to my application’s allowed callback URL and a code parameter is being appended.

However, when trying to redirect from within Rules using context.redirect, the code parameter is no longer appended; instead I am receiving the state parameter.

What do I need to configure to obtain the code parameter from within the Rules?

Hi @userraj,

Welcome to the Auth0 Community!

Having looked closely at your screenshot, it appears that you have not resumed the authentication flow.

In this case, I recommend resuming the flow by calling the /continue endpoint with the state you received when you were sent to the redirect URL.

For example:
https://{yourDomain}/continue?state={originalState}

(Reference: Redirect Users from Within Rules)

After doing so, you will be redirected back to your callback URL with the code and state parameter in the URL (just as you see in the first screenshot).

Please let me know if you have any questions or need further clarification on this step.

Thanks,
Rueben

Hello @rueben.tiow, much appreciate your response.
I may have missed out elaborating why I am trying to redirect using Rules.

Actually, there is a dynamic parameter (named navigate) that I need to add to the callback URL, and since wildcards do not allow me to do so in the allowed callback URLs, I am adding the dynamic parameter from within the Rules.

Allowed callback url : https://{myDomain}/myAppMethod?client=xyz

Overwriting callback url in rules : https://{myDomain}/myAppMethod?client=xyz&navigate=*somethingDynamicHere*

And what is desired is that Auth0 hits back to my application with the format
https://{myDomain}/myAppMethod?client=xyz&navigate=*somethingDynamicHere*&code=********

Hi @userraj,

Thank you for your response and clarification.

Unfortunately, as you experienced, this is not possible using Redirect Rules.

Generally, when performing a redirect using Rules, you must resume the authentication flow by sending the original state back to the /continue endpoint. If this is not done, Auth0 will lose the context of the login transaction, and the user will not be able to log in due to an invalid_request error. [Reference: Redirect Users from Within Rules]

With that, could you please clarify what you intend to do with the dynamic query parameter? Would it be possible to append this information as a custom claim that you can decode later?

I look forward to your reply.

Thanks,
Rueben

Hello @rueben.tiow,

The dynamic parameter is actually a value being passed from one site to another after the authentication process.
And, yes, thank you for the mention, since my backup alternative was indeed the custom claim approach and I guess I will be going forward with it.

Thanks loads for the response.
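The custom claim approach the thread settles on, sketched as an added example (not code from either poster or from Auth0's documentation): a Rule copies an allowlisted `navigate` value into a namespaced ID token claim, so the registered callback URL never has to change. Assumptions: the application sends `navigate` as an extra query parameter on its /authorize request, and the namespace, allowlist values and function names are hypothetical.

```javascript
// Hypothetical values; in the Rules editor these would live inside the rule function.
const NAMESPACE = 'https://myapp.example/';   // custom claims must be namespaced
const ALLOWED_TARGETS = new Set(['dashboard', 'billing', 'reports']);

// Auth0 Rule signature: (user, context, callback).
// context.request.query holds the query string of the /authorize request.
function addNavigateClaim(user, context, callback) {
  const query = (context.request && context.request.query) || {};
  const raw = query.navigate;

  // A repeated parameter arrives as an array; accept a single string only.
  if (typeof raw !== 'string') {
    return callback(null, user, context);
  }

  // Allowlist the value instead of echoing caller-controlled input into the
  // token: an arbitrary URL here would turn the app into an open redirector.
  if (!ALLOWED_TARGETS.has(raw)) {
    return callback(null, user, context);
  }

  context.idToken = context.idToken || {};
  context.idToken[NAMESPACE + 'navigate'] = raw;
  return callback(null, user, context);
}

// Application side: call this only with the payload of an ID token whose
// signature, issuer and audience have already been verified.
function resolveNavigate(verifiedClaims, fallback) {
  const value = verifiedClaims[NAMESPACE + 'navigate'];
  // Re-check against the allowlist so a stale or unexpected claim cannot
  // steer the post-login navigation.
  return ALLOWED_TARGETS.has(value) ? value : fallback;
}
```

Because the claim travels inside the signed ID token, the application receives it after the normal code exchange at the unchanged callback URL, and the value cannot be altered in transit the way a query parameter could.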
