Best practice for branching web form during Pre User Registration?

We want to allow signups only via user-entered email address and password (similar to Universal Flow), and also prompt the user for demographic info during signup. The prompts for input will change (or “branch”) based on what’s been entered so far. We also want to allow signup in which an external site POSTs extra info, which we will check for in our branching logic.

I found four different approaches in the docs, and I haven’t been able to determine if any of them allow the prompting and branching logic we need:

• Configuring the Lock Allows prompting for extra fields but no apparent support for branching
• Pre User Registration Action
• Redirect Rules But these seem to fire only after a signup or login
• Authorization Extension

Can someone point me to docs that show how any of these support prompting and branching logic?

We also want to allow signup in which an external site POSTs extra info

For this use-case, we’d like to provide a query path, so our server can verify that the request is legitimate, and then redirect to our landing page and include the info provided in the original POST. But it’s not clear how to pass the info securely. Redirect Users from Within Rules mentions a state query parameter and context.request.body.token but neither of these seems available before the user completes signup.