
Lock v10 params state not available in rules

lock-10
event

#1

I’m not able to retrieve the value of the state param that I am setting in the option in any rule. I would like to use the state param as an identifier for Sign Up vs Login. I’m sure this was working in earlier versions but does not seem to be available now. The fragment in options is:

    auth: {
        sso: false,
        avatar: null,
        responseType: 'token',
        redirect: false,
        params: {state: 'signup'}
    },

Additionally, when a rule returns:

    return callback(new UnauthorizedError('Please verify your email before logging in.'));

Lock does not call any of the available events. It just sits there with the message on screen and does not allow me to take any action (display a message, execute a Lock.hide() etc.).
The following are additional config options:

    // options for lock
    initialScreen: 'signUp',
    allowLogin: false,
    allowForgotPassword: false,
    allowSignUp: true,
    // autoclose: true,
    autofocus: true,
    loginAfterSignup: false,

I have disabled login (that is on a separate screen) and loginAfterSignup (I don’t want the user to be able to access the site till they’ve verified their email).


#2

There are a few things worth pointing out here, in particular:

  • rules run as part of user authentication; if you only sign up a user then rules won’t execute. If you want to run code that reacts to a database user registration event you should consider using the pre-registration or post-registration hooks. In rules, if you need a robust way to run code upon the first login operation after the user has registered you can do that with conditional logic and a flag in app_metadata to know if you had already run the code or not.
  • the state parameter should be used to maintain state useful for the client application and also for CSRF protection of the redirection endpoint; this value should be opaque (not processed) to the authorization server and rules are part of the authorization server, so as a general guideline you should not be making decisions based on it in a rule.
  • you state that you disabled login after signup, but if you’re really using that configuration then login is still being performed because the option to disable it is named loginAfterSignUp and you’re using loginAfterSignup (the U should be uppercase).

In addition, if I do perform a login with a rule that throws the error in question I did get an authorization error event called. The recommendation here would be for you to review if the configuration you’re using in the code is indeed accurate and also take into consideration that rules only run for a user authentication so you may want to review your whole approach.
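
The approach described in the answer above (stop unverified users at login, and use an app_metadata flag for run-once code instead of reading the state parameter), as an added example that is not part of the original posts or Auth0's own code. The factory wrapper, the onFirstLogin hook, the first_login_done flag name and the demo stand-ins are assumptions made so the rule logic also runs outside the Auth0 rules runtime.

```javascript
// In the Auth0 rules runtime, UnauthorizedError and auth0 are globals. They are
// injected here so the same logic runs in plain Node. onFirstLogin and the
// first_login_done flag name are hypothetical.
function makeRule({ UnauthorizedError, auth0, onFirstLogin }) {
  return function rule(user, context, callback) {
    // Rules run only on authentication, so this is where unverified users are
    // stopped. Nothing here reads the state parameter.
    if (!user.email_verified) {
      return callback(
        new UnauthorizedError('Please verify your email before logging in.'));
    }
    user.app_metadata = user.app_metadata || {};
    if (user.app_metadata.first_login_done) {
      return callback(null, user, context); // run-once code already executed
    }
    // First login after registration: run the code, then persist the flag.
    onFirstLogin(user);
    user.app_metadata.first_login_done = true;
    auth0.users.updateAppMetadata(user.user_id, user.app_metadata).then(
      () => callback(null, user, context),
      (err) => callback(err)); // surface a failed metadata write as an error
  };
}

// Constructed stand-ins and sample users for running outside Auth0.
class DemoUnauthorizedError extends Error {}
const demoAuth0 = { users: { updateAppMetadata: () => Promise.resolve() } };
const welcomed = [];
const demoRule = makeRule({
  UnauthorizedError: DemoUnauthorizedError,
  auth0: demoAuth0,
  onFirstLogin: (u) => welcomed.push(u.user_id),
});
const report = (err, user) =>
  console.log(err ? `denied: ${err.message}` : `ok: ${user.user_id}`);
demoRule({ user_id: 'auth0|new', email_verified: false }, {}, report);
demoRule({ user_id: 'auth0|first', email_verified: true }, {}, report);
demoRule({ user_id: 'auth0|back', email_verified: true,
           app_metadata: { first_login_done: true } }, {}, report);
```
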


#3

Hi jmangelo,
Thanks for the answer. Much appreciated. As you correctly pointed out my problem was the capital “U” in loginAfterSignUp. Once I fixed that it has sorted out most of my issues.

One issue that I can’t yet seem to resolve is getting notified in my app (via Lock) that the registration succeeded. I want to display an alternative message after successful registration.

Are there any particular events that I could trap to get the result of a registration (successful or unsuccessful)?

Thanks

