Custom Authorize params (extraParams)

Previously it was possible to supply extraParams using the Auth0.js library, see:

It seems this is no longer possible, because only whitelisted params are allowed:

Specifically we want to show the country a user selected at a previous page, and a button to abort the login and change this parameter.

Is it not possible to send extra information to the customized Universal Login Lock pages?

Regards,
Herman

1 Like

I’m having the same issue, it is critical for us to be able to receive dynamic extra parameters for customizing the login experience

2 Likes

Check this thread out - Passing initialScreen to Lock from auth0-spa-js
It helped me. Hope it works for you too. Good luck!

1 Like

Thanks for sharing it with the rest of community!

1 Like

I’m not sure if that fixes it @codenameredpanda, because last time I checked those parameters are not allowed and filtered out by the library, in the file I listed in the question. You will see a warning: “Following parameters are not allowed on the /authorize endpoint: [params here]”.

Are you maybe using a older (or newer?!?) version of the library? The method loginWithRedirect is not an option in the library https://github.com/auth0/auth0.js#auth0webauth in the WebAuth class. It only has authorize, which, like I said filters out those parameters.

Am I overlooking some functionality?

@herman , we are not using authO.js anymore. As the link mentions the solution mentioned is for authO-spa-js
Sorry didn’t realize you were looking for authO.js

In Auth0.js you can do this:

var webAuth = new auth0.WebAuth({
  domain: domain,
  clientID: clientId,
  redirectUri: window.location.href
});
webAuth.authorize({
  my_custom_param:"value"
});

The code linked above at auth0.js/parameters-whitelist.js at master · auth0/auth0.js · GitHub will give you a warning if your param it’s not in the allow list, but it will be included in the /authorize request nonetheless.

2 Likes

Thanks for sharing that Nico!

@herman, @konrad.sopala, do you have a solution for auth0-react.js?