How to send client side data via authorize

Get Help
,
1

Good day,

I am using react-native-auth0

I would like to pass along some extra data, to be used in a server side action on Auth0.

In my react-native code, I am doing something like this:

const {authorize, getCredentials, user, clearSession, error} = useAuth0();

...

await authorize(
    {
      scope:
        'openid profile offline_access enroll read:authenticators remove:authenticators',
      audience: `https://${config.auth0.domain}/mfa/`,
      user_metadata: {
        invitationToken: 'MY_INVITE_TOKEN',
      },
    },
    {
      ephemeralSession: true,
    },
  );

But for some reason, user_metadata is not accable inside the Action, nor is it showing up in the logs.

How can I pass some client side data to the authorize flow (I need it for both Login and Signup)?

Thank you,

Franck

3

Hey there @fnadeau !

Happy to work on this together.

I would need a few details -

  1. Can you please confirm you refer to this auth0 SDK?
    Is there a compatibility between your appā€™s React Native SDK version and the chosen auth0 SDK (can be checked in the Readme.md )

  2. If Iā€™m not mistaken the authorize method you shared here is to bring the user to the login page to authenticate. What Login page you use? Universal Login / New universal Login / embedded login?

  3. Could share more information on the action youā€™re working on?

  • what flow and trigger you refer to?

Thanks!

4

  1. Yes, I am using the SDK that you linked above. Here is my entry in package.json
    "react-native-auth0": "^2.17.4"

  2. Yes, authorize shows the login page, BUT users can also sign-up form that page. We are using New Universal login.

  3. On Pre User Registration we want to validate an internal-invitation-token (token generated by our system when inviting a user to one of our tasks). We also want to verify if there is a similar token on Login.

Thank you for the help.

6

Hey Franck @fnadeau !
The issue you encounter here can be reduced to IdP not supporting the custom ā€˜user_metadataā€™ parameter in /authorize requests.

The parameter you would like to use (I assume) can be classified as ā€œupstream parameterā€ which would be sent to IdP in /authorize requests.

Upstream parameters, with some limitations, have to be first set for specific connection (like for example Username-Password-Authentication) via the Management API to make them available for /authorize requests.

It works this way:

There is a preset list of fields that you can map your custom parameter with.
Once you choose the field, use it in your /authorize requests.

Example:
Updating connection with an upstream parameter:

curl --request PATCH \
  --url 'https://{yourDomain}/api/v2/connections/specific_connection' \
  --header 'authorization: Bearer {yourMgmtApiAccessToken}' \
  --header 'content-type: application/json' \
  --data '{
  'options': {
    'upstream_params': {
      'screen_name': {
        'alias': 'login_hint'
      }
    }
  }
}'

Where: ā€˜login_hintā€™ is a preset field, and ā€˜screen_nameā€™ is a custom parameter of your choice. Login_hint used in /authorize parameters will be passed as ā€˜screen_nameā€™ to Auth0.

I think you could try with this approach (a guidance with the list of available fields here). Please let me know if that works for you. Thanks!