i’m pretty sure i know what the answer is going to be, as i’ve seen what i believe are similar topics but just in case they are old topics or my use case is slightly different i thought i’d ask.
i want to have a user select from a list of tiers they want to sign up to (lets say free, basic, pro for example). and have that tier name passed through the auth0 sign up process and handed back in the callback, so in my callback i can do certain logic based on if tier = basic etc.
i’ve tried adding to the state, but then saw another post saying not to use state as its there for CSRF so thats out. im not sure how else to do it? basically i just need back something like tier:basicin the callback somehow (like in the response payload or the url or whatever)
apologies if it has been covered before, and thank you for helping!
for info i’m using auth0-nextjs sdk on v3.8.0
Hi @nikemeal
Welcome to the Auth0 Community!
Reading through your use-case, one way this can be approached is by adding a custom param in the /authorize request, then pick this query parameter up in an Action with event.request.query. After this, you can then add the parameter in the user’s app_metadata or into your IdToken as a custom claim.
I recommend reading through the following documentation for adding Custom Query Parameter to the /authorize request for more insight - this is also confirmed in our following Support Article
Hope this helped with your implementation!
Have a great one,
Gerald
thank you so much. id tried setting the param through authorization and using actions but it never read them, the missing part was the ext- of the param.
much appreciated gerald, thanks!
ok so a little weird one. it worked last night and in my callback i could see event.request.query.ext-tier fine. today i made a couple of changes, and now the whole app_metadata block isn’t being returned. i can see the action is getting hit and doing the bits i want, but in my callback i dont have the data.
im sure last night in my callback i was having the app_metadata returned as i was testing by logging it out to a text file and can see it picked up the tier correctly.
have i missed something obvious?
actually dont worry, i ended up just making a call to the management api in the callback to get the data i needed. it might not be the most efficient way, i dont know, but it did what i needed 