Hosted login page @@config@@ object and query parameters

Hi,

We are trying to implement an account linking feature. This will be implemented in Ruby using the omniauth-auth0 and auth0-ruby libraries.

For the login page we are using the hosted login pages. We are currently stuck on how to pass configuration parameters as query parameters to the /auth/auth0 redirect URL.

For each type of account login, for instance Facebook or Google, we only want to show that login method on the login page. So when a user clicks on a button “Link Google account”, only the Google social login should be available. This would also mean we would like to customise the login page title and not remember the currently logged-in user.

In the Lock code of the hosted login page, you can see different configuration options that handle these settings (or so we think):

config.dict.signin.title
config.connection
config.prompt

But we are unable to find how to pass these settings as query parameters. We can’t find any documentation on which settings can be overwritten directly, or whether we need to pass them on as extraParams, or even how to pass them as extraParams in the query string.

Any guidance would be appreciated. Perhaps some custom code is needed on the hosted login pages as well?

Kind regards.


Is there anyone who can share some insight?

Apologies for the delay @MichaelRigart.

Generally, one way to pass data from the login page/redirect on your site back to the callback URL is to use the state parameter (explained here). OmniAuth does all the state setting and validation behind the scenes but I’m sure you can extend that to store your own (base64 encoded hash), which will be validated automatically. Then, on the callback, retrieve, decode, and use the custom values.

If you’re just trying to authenticate with a single connection, you can pass that as a connection parameter to the /authorize URL using the Auth0::API::AuthenticationEndpoints::authorization_url method. That will forward you directly to the login process for that connection. In a new callback URL (so it doesn’t get passed through OmniAuth), get the strategy used from :uid and associate it with the currently logged-in user. You’ll want to store, send, and verify state here as well. You won’t even see the login page, so no customization is needed there.

Let me know if you have any questions here!
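
The single-connection flow suggested in the reply above, with the state stored, sent and verified, as an added example (not code from this thread or from the auth0 or omniauth gems). It uses only the Ruby standard library; the helper names, the `session` hash standing in for the server-side session, and all sample values are assumptions.

```ruby
require 'json'
require 'openssl'
require 'securerandom'
require 'uri'

# Build the /authorize URL for a single connection and remember a one-time
# nonce in the server-side session. `session` is a plain Hash here (assumption).
def build_link_url(domain:, client_id:, redirect_uri:, connection:, session:)
  nonce = SecureRandom.hex(16)
  session[:link_nonce] = nonce
  payload = JSON.generate('nonce' => nonce, 'connection' => connection,
                          'user_id' => session[:user_id])
  # Strict Base64 ('m0'), switched to the URL-safe alphabet.
  state = [payload].pack('m0').tr('+/', '-_')
  query = URI.encode_www_form(
    response_type: 'code', client_id: client_id, redirect_uri: redirect_uri,
    connection: connection, scope: 'openid', state: state
  )
  "https://#{domain}/authorize?#{query}"
end

# Callback side. Returns the decoded hash, or nil when the state is missing,
# malformed, replayed, or was issued for a different logged-in user.
def verify_link_state(state_param, session)
  expected = session.delete(:link_nonce) # single use: a replay finds nothing
  return nil if expected.nil? || state_param.nil?

  data = JSON.parse(state_param.tr('-_', '+/').unpack1('m0'))
  return nil unless data.is_a?(Hash)

  nonce = data['nonce'].to_s
  return nil unless nonce.bytesize == expected.bytesize &&
                    OpenSSL.fixed_length_secure_compare(nonce, expected)
  # Link only to the user who started the flow, not whoever hits the callback.
  return nil unless data['user_id'] == session[:user_id]

  data
rescue ArgumentError, JSON::ParserError
  nil
end
```

The base64 encoding only transports the values; the check that matters is the comparison against the nonce kept in the session, which is what stops a forged callback from linking an attacker's social account to the victim's profile.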