When an Action redirects users to an external web page, that page needs to send some data back to the Action on the front channel after the redirect.
To avoid replay attacks, the token should be sent back to Auth0 by making a POST request to the /continue endpoint. The tokenParameterName option in the code allows you to specify the name of the field that contains your token.
A cross-origin (CORS) error occurs when sending data back to Actions.
The CORS errors appear in the DevTools network log when hitting the /continue endpoint.
Making the POST request with AJAX causes a CORS error. This use case is not supported.
A full redirect or page transition is required, so that the URL in the address bar changes.
- Make a GET request (not AJAX, but a navigation, e.g. window.location = "https://yourdomain.auth0.com?state=xxx"), or
- Use a form POST.
- Do not expose your signing secret to front-end code. Sign the JWT on the backend.
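The form POST option with backend signing, as an added example (not code from the original page or from Auth0): a Node.js backend signs the token and returns a page whose form submits as a top-level navigation, so no CORS check applies. The field name session_token (the value assumed for tokenParameterName), the claim set, the state query parameter on /continue and all sample values are assumptions.

```javascript
// Added example, not Auth0's code. Runs on the backend (Node.js), never in the browser.
const crypto = require("node:crypto");

const b64url = (value) => Buffer.from(value).toString("base64url");

// Sign an HS256 JWT server-side so the signing secret never reaches front-end code.
function signToken(claims, secret) {
  const header = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const payload = b64url(JSON.stringify(claims));
  const signature = crypto
    .createHmac("sha256", secret)
    .update(`${header}.${payload}`)
    .digest("base64url");
  return `${header}.${payload}.${signature}`;
}

// Escape values before placing them in HTML attributes.
const escapeHtml = (s) =>
  String(s).replace(/[&<>"']/g, (c) => `&#${c.charCodeAt(0)};`);

// Build a page that resumes the login with a real form POST (a page
// navigation), not an AJAX call, so the browser applies no CORS check.
function buildContinuePage({ domain, state, token, tokenParameterName }) {
  const action = `https://${domain}/continue?state=${encodeURIComponent(state)}`;
  return [
    "<!doctype html>",
    `<form id="resume" method="post" action="${escapeHtml(action)}">`,
    `  <input type="hidden" name="${escapeHtml(tokenParameterName)}" value="${escapeHtml(token)}">`,
    '  <noscript><button type="submit">Continue</button></noscript>',
    "</form>",
    "<script>document.getElementById('resume').submit();</script>",
  ].join("\n");
}

// Constructed sample values for illustration only.
const now = Math.floor(Date.now() / 1000);
const demoState = "xxx"; // the state value Auth0 passed to the external page
const demoToken = signToken(
  { sub: "auth0|constructed-user", iss: "external-page.example", iat: now, exp: now + 60, state: demoState },
  "constructed-demo-secret" // in practice, loaded from backend configuration
);
console.log(buildContinuePage({
  domain: "yourdomain.auth0.com",
  state: demoState,
  token: demoToken,
  tokenParameterName: "session_token", // must match tokenParameterName in the Action
}));
```

The short exp and the state claim bind the token to one login transaction; the Action side validates it with the same secret and the same tokenParameterName.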