this is a copy from someone elses issue that wasnt help and im experiencing the same issue. I sent the session token with a property called ‘state’ but the state from event.transaction.state versus what was sent to the external url
/**
* Handler that will be called during the execution of a PostLogin flow.
*
* @param {Event} event - Details about the user and the context in which they are logging in.
* @param {PostLoginAPI} api - Interface whose methods can be used to change the behavior of the login.
*/
exports.onExecutePostLogin = async (event, api) => {
console.log(event.transaction)
const YOUR_AUTH0_DOMAIN = event.request.hostname;
console.log("1. POSTLOGIN CALLED");
const state = event.transaction?.state
// Craft a signed session token
const token = api.redirect.encodeToken({
secret: event.secrets.SESSION_TOKEN_SECRET,
expiresInSeconds: 360000,
payload: {
state: event.transaction?.state,
// Custom claims to be added to the token
email: event.user.email,
externalUserId: 1234,
continue_uri: `https://${YOUR_AUTH0_DOMAIN}/continue`,
},
});
console.log("end")
api.redirect.sendUserTo("http://localhost:4200/consent", {
query: { session_token: token }
});
};
/**
* Handler that will be invoked when this action is resuming after an external redirect. If your
* onExecutePostLogin function does not perform a redirect, this function can be safely ignored.
*
* @param {Event} event - Details about the user and the context in which they are logging in.
* @param {PostLoginAPI} api - Interface whose methods can be used to change the behavior of the login.
*/
exports.onContinuePostLogin = async (event, api) => {
const payload = api.redirect.validateToken({
secret: event.secrets.SESSION_TOKEN_SECRET,
tokenParameterName: 'session_token',
});
console.log(event.request.query)
console.log("success")
};