Logout redirect URL ignores additional URL query parameters in custom rule

lars-flinkit · November 16, 2021, 9:32am

Context

Performing a logout operation in a custom auth pipeline rule including a redirect URL. Involved code:

    const redirectUrl = 'http://localhost:8000/login?a=1&b=2';
    return callback(null, user, {...context, redirect: {url:
      `https://flinkit-dev.eu.auth0.com/v2/logout?returnTo=${encodeURI(redirectUrl)}&client_id=${context.clientID}`
    }});

Expected behavior

When specifying multiple URL query parameters for the v2/logout endpoint they will all be respected when auth0 performs the redirect. Using the example code in the auth pipeline rule, auth0 redirects to http://localhost:8000/login?a=1

Actual behavior

Only the first URL query parameter is respected, all other get cut off. Given the example code above auth0 actually redirects to http://localhost:8000/login?a=1&b=2.

headwall-labs · February 25, 2022, 12:52am

Any update here? I am having the same issue but with the login returnTo.

I need to add multiple query params to the returnTo URL but only the first one is respected (as noted above).

e.g.

with a returnTo of /some/path?a=1&b=2, after the redirect happens post login, the path is /some/path?a=1 and the b=2 is ignored.

Auth0, any response? it’s been 3 months!

headwall-labs · February 25, 2022, 4:19pm

There’s a workaround:

since it only seems to respect the first query variable, encode all of the key-value pairs into the first variable, and then decode them later after login into the original form. This seemed to work for me.

Not the ideal solution, but one that worked nonetheless.