Is it a safe way to use loginWithRedirect to pass an extra parameter?

I have been searching for a solution to send some information over to the classic universal login screen from my app. One option is to use the loginWithRedirect with an extra parameter. Want to confirm with you: is it a secure way to do it?

Hey there @wan!

Yes, this is the correct way to pass params - If you are using v2 of auth0-react, auth0-angular, etc. then you will want to make sure and be aware of the introduction of authorizationParams as outlined here.

Hope this helps!

Thanks @tyf! Want to add more context: we want to pass a JWT token which contains the user’s information (e.g. email) to Classic Universal Login via this way. Is it secure if we use loginWithRedirect?

No problem, happy to help where I can!

Hmm… I’m not entirely sure what you mean by passing a jwt to UL - Is there a reason in particular you’d do this? Can you elaborate on the overall use case a bit?

Sure!

For our case: We encode the user’s email. And the token is actually the user email. We want to pass the token to the classic universal login page, then decode it to get the user email. So, want to ensure it’s the correct and secure way because “redirect” happens in the process, and we might not want to expose the token in the network.

Hey @tyf , is it a secure way for our case?

Hey @wan!

It’s secure in the sense that if sent in the POST it will be over https - It’s still unclear to me why you’d need to include a token in the request at all. If you include the email scope in the request, you’ll end up with an email claim in tokens as well.
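
Added example (not part of any post in this thread, and not Auth0's own code): a simplified sketch of how an extra entry in authorizationParams ends up as a query-string parameter on the /authorize URL, and how the email inside a JWT sent that way can be read back from the URL without any key. The parameter name `user_token`, the domain and the client ID are constructed placeholders, and a real request carries more parameters than shown.

```javascript
// Added example: all values are constructed; nothing here is from a real tenant.
const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");

// Constructed sample JWT (header.payload.signature). The signature is a
// placeholder: reading the payload never requires checking it.
function makeSampleJwt(email) {
  const header = b64url({ alg: "HS256", typ: "JWT" });
  const payload = b64url({ email });
  return `${header}.${payload}.constructed-signature`;
}

// Simplified view of the redirect target: each entry in authorizationParams
// becomes a query-string parameter on the /authorize URL.
function buildAuthorizeUrl(domain, clientId, authorizationParams) {
  const url = new URL(`https://${domain}/authorize`);
  url.search = new URLSearchParams({
    client_id: clientId,
    response_type: "code",
    ...authorizationParams,
  }).toString();
  return url.toString();
}

// What anything holding the URL (browser history, the address bar) can recover:
// the JWT payload is base64url-encoded JSON, not encrypted.
function readEmailFromUrl(authorizeUrl, paramName) {
  const token = new URL(authorizeUrl).searchParams.get(paramName);
  if (!token || token.split(".").length !== 3) return null;
  const json = Buffer.from(token.split(".")[1], "base64url").toString("utf8");
  return JSON.parse(json).email ?? null;
}

// Hypothetical custom parameter "user_token" carrying the constructed JWT.
const sampleUrl = buildAuthorizeUrl("tenant.example", "constructed-client-id", {
  scope: "openid email",
  user_token: makeSampleJwt("user@example.com"),
});
console.log(sampleUrl);
console.log(readEmailFromUrl(sampleUrl, "user_token"));
```

HTTPS protects the query string in transit, but the full URL is still stored in browser history, and signing a JWT does not hide its payload.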
