Custom Authorize params (extraParams)

Previously it was possible to supply extraParams using the Auth0.js library, see:

It seems this is no longer possible, because only whitelisted params are allowed:

Specifically we want to show the country a user selected at a previous page, and a button to abort the login and change this parameter.

Is it not possible to send extra information to the customized Universal Login Lock pages?

Regards,
Herman

1 Like

Iā€™m having the same issue, it is critical for us to be able to receive dynamic extra parameters for customizing the login experience

2 Likes

Check this thread out - Passing initialScreen to Lock from auth0-spa-js - #2 by ogazitt
It helped me. Hope it works for you too. Good luck!

1 Like

Thanks for sharing it with the rest of community!

1 Like

Iā€™m not sure if that fixes it @codenameredpanda, because last time I checked those parameters are not allowed and filtered out by the library, in the file I listed in the question. You will see a warning: ā€œFollowing parameters are not allowed on the /authorize endpoint: [params here]ā€.

Are you maybe using a older (or newer?!?) version of the library? The method loginWithRedirect is not an option in the library GitHub - auth0/auth0.js: Auth0 headless browser sdk in the WebAuth class. It only has authorize, which, like I said filters out those parameters.

Am I overlooking some functionality?

@herman , we are not using authO.js anymore. As the link mentions the solution mentioned is for authO-spa-js
Sorry didnā€™t realize you were looking for authO.js

In Auth0.js you can do this:

var webAuth = new auth0.WebAuth({
  domain: domain,
  clientID: clientId,
  redirectUri: window.location.href
});
webAuth.authorize({
  my_custom_param:"value"
});

The code linked above at auth0.js/parameters-whitelist.js at master Ā· auth0/auth0.js Ā· GitHub will give you a warning if your param itā€™s not in the allow list, but it will be included in the /authorize request nonetheless.

2 Likes

Thanks for sharing that Nico!

@herman, @konrad.sopala, do you have a solution for auth0-react.js?

1 Like

Do custom params still work for webAuth.authorize? I have added some custom params to auth0.webAuth and when I test this out locally it works, but when I try and do the same test with my changes deployed to my auth0 tenant the custom params get filtered out.

My example is something like this:

socialLogin(cb, connection, someId, someUserSelection) {
    const params = { connection, someUserSelection };

    if (someId) {
      params.someId = someId;
    }

    this.webAuth.authorize(params, cb);
  }
...
socialLogin(()=>{}, 'github', '123', 'pizza');

When checking auth0 rules I would expect there to be values in context.request.query.someId or context.request.query.someUserSelection.

We are using WebAuth version 9.20.2 if that makes any difference.