I have been searching for a solution to send some information over to the classic universal login screen from my app. One option is to use the loginWithRedirect with an extra parameter. Want to confirm with you: is it a secure way to do it?
Thanks @ty.frith! Want to add more context: we want to pass a JWT token which contains the user’s information (e.g. email) to Classic Universal Login via this way. Is it secure if we use loginWithRedirect?
No problem, happy to help where I can!
Hmm… I’m not entirely sure what you mean by passing a jwt to UL - Is there a reason in particular you’d do this? Can you elaborate on the overall use case a bit?
Sure!
For our case: We encode the user’s email. And the token is actually the user email. We want to pass the token to the classic universal login page, then decode it to get the user email. So, we want to ensure it’s the correct and secure way because a “redirect” happens in the process, and we might not want to expose the token in the network.
Hey @ty.frith, is it a secure way for our case?
Hey @wan!
It’s secure in the sense that if sent in the POST it will be over https - It’s still unclear to me why you’d need to include a token in the request at all. If you include the email scope in the request, you’ll end up with an email claim in tokens as well.
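Added example, not part of the thread above and not Auth0 code: a signed JWT is base64url-encoded rather than encrypted, so a token carried as a query parameter of a redirect URL is readable by anything that sees that URL (address bar, browser history, logs). The check below flags such parameters and shows the claims they expose; the domain, `client_id` value and the `user_token` parameter name are constructed assumptions.

```javascript
// Added example: constructed values only; "user_token" is a hypothetical parameter name.

// Encode an object as a base64url JSON segment (used only to build the sample token).
const b64url = (obj) =>
  Buffer.from(JSON.stringify(obj)).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");

// Constructed JWT carrying an email claim; the signature is a placeholder string.
const sampleJwt = [
  b64url({ alg: "HS256", typ: "JWT" }),
  b64url({ email: "user@example.com" }),
  "constructed-signature",
].join(".");

// Constructed redirect URL, as it would appear in the address bar or a log line.
const sampleUrl =
  "https://tenant.example.com/authorize?client_id=abc123&response_type=code" +
  "&user_token=" + encodeURIComponent(sampleJwt);

// Decode one base64url segment to JSON; return null if it is not valid JSON.
function decodeSegment(seg) {
  try {
    const b64 = seg.replace(/-/g, "+").replace(/_/g, "/");
    return JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
  } catch {
    return null;
  }
}

// Return every query parameter that carries a JWT, with the claims readable
// without any key. No signature check is needed to read the payload.
function findReadableTokens(urlString) {
  const findings = [];
  for (const [name, value] of new URL(urlString).searchParams) {
    const parts = value.split(".");
    if (parts.length !== 3) continue;            // not header.payload.signature
    const header = decodeSegment(parts[0]);
    const claims = decodeSegment(parts[1]);
    if (header && header.alg && claims) findings.push({ name, claims });
  }
  return findings;
}

console.log(findReadableTokens(sampleUrl));
```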