Auth0 Home Blog Docs

Is rule redirect state visible from with rule?


#1

Hi folks. Hoping someone here can help me.

Question: Is the state value that will be passed in redirects available to a rule that is setting the context.redirect.url value?

Context:

I am trying to implement a rule to enforce first time login password change using the out of the box hosted password change page. I am successfully getting a password change ticket and setting it in context.redirect.url and am correctly redirected to the password change page.

However, I am trying to set the result_url parameter of the createPasswordChangeTicket API to what I expect the login continue URL to be (eg: “https://tenant.auth0.com/continue?state=” + (context.request.query.state || context.request.body.state) ) but the returned state value does not match the state value that is returned does not match the state that continue expects.

Right now if I don’t use result_url and let the password change page notify of the change internally then it works, but then the user needs to navigate back to the login page manually which is undesirable. I’m also concerned about the impact of initiating rule redirects that never callback to /continue in our production solution.