Logout redirect URL ignores additional URL query parameters in custom rule

Context

Performing a logout operation in a custom auth pipeline rule including a redirect URL. Involved code:

    const redirectUrl = 'http://localhost:8000/login?a=1&b=2';
    return callback(null, user, {...context, redirect: {url:
      `https://flinkit-dev.eu.auth0.com/v2/logout?returnTo=${encodeURI(redirectUrl)}&client_id=${context.clientID}`
    }});

Expected behavior

When specifying multiple URL query parameters for the v2/logout endpoint they will all be respected when auth0 performs the redirect. Using the example code in the auth pipeline rule, auth0 redirects to http://localhost:8000/login?a=1

Actual behavior

Only the first URL query parameter is respected, all other get cut off. Given the example code above auth0 actually redirects to http://localhost:8000/login?a=1&b=2.

Any update here? I am having the same issue but with the login returnTo.

I need to add multiple query params to the returnTo URL but only the first one is respected (as noted above).

e.g.

with a returnTo of /some/path?a=1&b=2, after the redirect happens post login, the path is /some/path?a=1 and the b=2 is ignored.

Auth0, any response? it’s been 3 months!

There’s a workaround:

since it only seems to respect the first query variable, encode all of the key-value pairs into the first variable, and then decode them later after login into the original form. This seemed to work for me.

Not the ideal solution, but one that worked nonetheless.

Sadly, even the workaround fails in my React app that uses useAuth0.

I’ve just spent some time watching the behavior (in VisualStudio Code) after loginWithRedirect.

I see the first parameter being passed ONLY while the isLoading export of useAuth0 is false.

The app will re-render until that becomes true.

On that render, the first query parameter is not passed, and therefore the attempt to pass values back to the App fails.

I’m going to open a new topic tomorrow, in hopes that a real fix can be found.

This is pretty terrible. Can anyone from Auth0 weigh in?

Just noticed that I messed up the expected and actual URL redirects to. But I can see the problem still got across and it affects other auth0 users, too.

You may have incorrectly encoded the & in the redirectUrl.

Auth0 team, any update on this?

Hey there!

As this topic is related to Rules - Hooks - Actions and Rules & Hooks are being deprecated soon I’m excited to let you know about our next Ask me Anything session in the Forum on Thursday, January 18 with the Rules, Hooks and Actions team on Rules & Hooks and why Actions matter! Submit your questions in the thread above and our esteemed product experts will provide written answers on January 18. Find out more about Rules & Hooks and why Actions matter! Can’t wait to see you there!

Learn more here!

Hi there,
sadly that’s still an issue. In my case it’s with returnTo using withPageAuthRequired from nextjs-auth0.
Any updates or proposals?

You helped us a lot, because we faced the same issue after login flow. Thanks a lot!

Here is the snippet if anyone needs it in the future.

Assuming your app router page is in the directory app/dashboard/user and the link with query params you suppose to handle is /dashboard/user?queryParam1=123&queryParam2=456:

export default withPageAuthRequired(
  async function YourPage({ searchParams }: YourPage) {
    // page login
    return (
        <div>your page details</div>
    )
  },
  {
    returnTo: ({ searchParams }: AppRouterPageRouteOpts) => {
      const queryParam1 = searchParams?.queryParam1 ?? '' // 123
      const queryParam2 = searchParams?.queryParam2 ?? '' / 456

      const queryString = `queryParam1=${queryParam1}&queryParam2=${queryParam2}`

      const returnUrl = `/dashboard/user?${queryString}`

      const encodedReturnUrl = encodeURIComponent(returnUrl)

      return encodedReturnUrl
    }
  }
)