I followed https://auth0.com/docs/compliance/gdpr/features-aiding-compliance/user-consent/track-consent-with-lock#option-3-redirect-to-another-page and opted in for “Option 3” to cater for user-password, as well as social logins (Google, Facebook).
When using user/password, everything works flawlessly.
1. User authenticates
2. Redirect rule confirmed to be running and redirecting to legal consent page
3. User agrees with legal terms and hits the /continue endpoint, including state parameter
4. Redirect rule confirmed to be running and storing consent opt in to database
5. Callback is happening and user is logged in
When using a social login provider to authenticate, steps 1-3 are happening as well, including the state parameter being attached to the /continue URL parameters. Unfortunately, though, step 4 fails, as the rule is not running (I have a console.log on line 1 to confirm) and /code?state=xxx returns Unauthorized instead.
Any idea what I’m potentially doing wrong here? There’s nothing in the logs when step 4 fails… nothing in the global logs, nor in the rule logs.