Logout redirect URL ignores additional URL query parameters in custom rule

lars-flinkit · November 16, 2021, 9:32am

Context

Performing a logout operation in a custom auth pipeline rule including a redirect URL. Involved code:

    const redirectUrl = 'http://localhost:8000/login?a=1&b=2';
    return callback(null, user, {...context, redirect: {url:
      `https://flinkit-dev.eu.auth0.com/v2/logout?returnTo=${encodeURI(redirectUrl)}&client_id=${context.clientID}`
    }});

Expected behavior

When specifying multiple URL query parameters for the v2/logout endpoint they will all be respected when auth0 performs the redirect. Using the example code in the auth pipeline rule, auth0 redirects to http://localhost:8000/login?a=1

Actual behavior

Only the first URL query parameter is respected, all other get cut off. Given the example code above auth0 actually redirects to http://localhost:8000/login?a=1&b=2.

headwall-labs · February 25, 2022, 12:52am

Any update here? I am having the same issue but with the login returnTo.

I need to add multiple query params to the returnTo URL but only the first one is respected (as noted above).

e.g.

with a returnTo of /some/path?a=1&b=2, after the redirect happens post login, the path is /some/path?a=1 and the b=2 is ignored.

Auth0, any response? it’s been 3 months!

headwall-labs · February 25, 2022, 4:19pm

There’s a workaround:

since it only seems to respect the first query variable, encode all of the key-value pairs into the first variable, and then decode them later after login into the original form. This seemed to work for me.

Not the ideal solution, but one that worked nonetheless.

tms · December 2, 2022, 12:27am

Sadly, even the workaround fails in my React app that uses useAuth0.

I’ve just spent some time watching the behavior (in VisualStudio Code) after loginWithRedirect.

I see the first parameter being passed ONLY while the isLoading export of useAuth0 is false.

The app will re-render until that becomes true.

On that render, the first query parameter is not passed, and therefore the attempt to pass values back to the App fails.

I’m going to open a new topic tomorrow, in hopes that a real fix can be found.

studiolb · January 5, 2023, 1:07am

This is pretty terrible. Can anyone from Auth0 weigh in?

lars-flinkit · January 5, 2023, 8:43am

Just noticed that I messed up the expected and actual URL redirects to. But I can see the problem still got across and it affects other auth0 users, too.

adrian.baker2 · March 7, 2023, 5:17am

You may have incorrectly encoded the & in the redirectUrl.

shantanu · October 16, 2023, 8:49pm

Auth0 team, any update on this?