Authentication works fine, but it seems that the query parameters are removed from the redirect URL during login. Once logged in we can deep-link without issue.
- When unauthenticated, a user navigates to
- The site recognizes that the user is unauthenticated and redirects to Auth0.
- User signs in.
- Auth0 redirects to site with
codeparameter. Along with this request, Auth0 sets a cookie
a0.spajs.txs.[base64 text]that contains a JSON blob with two key pieces of information:
redirect_uriwhich is just the scheme (
https) and host (
targetUrlwhich is the path without any query parameters.
- The site exchanges the code for a JWT.
- (I’m guessing) The Auth0 package assembles the
targetUrlfrom the cookie and redirects the user there, thereby removing the query parameters from the original request.
For further deep-link requests, the site doesn’t have to perform the code exchange anymore, so the navigation works fine.