Pass custom parameter to rule from Universal Login page


I’ve seen in several posts (here and here for example) that it is possible to pass a custom parameter to a rule. However, my rule doesn’t receive the parameter. Has anything changed? Am I doing anything wrong?

Here is what I’m doing.

We use the Universal Login page (Classic experience, with Lock js).
In the template, I insert a custom parameter, here is an extract:

    var params = config.internalOptions;
    params.extra_param_test = "test";
    // Available Lock configuration options:
    var lock = new Auth0Lock(config.clientID, config.auth0Domain, {
      auth: {
        redirectUrl: config.callbackURL,
        responseType: (config.internalOptions || {}).response_type ||
          (config.callbackOnLocationHash ? 'token' : 'code'),
        params: params

Note that the console.log confirms that the extra_param_test is inserted.

When inspecting the context object in a rule, the extra_param_test is not in the query object. Here is an extract:

    "request": {
        "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:84.0) Gecko/20100101 Firefox/84.0",
        "ip": "****",
        "hostname": "sso.*****.com",
        "query": {
            "client_id": "******",
            "audience": "https://sso.*****.com/api/v2",
            "redirect_uri": "http://localhost:8080/",
            "mode": "null",
            "scope": "openid profile email offline_access",
            "response_type": "code",
            "response_mode": "web_message",
            "state": "******",
            "nonce": "*****",
            "code_challenge": "******",
            "code_challenge_method": "S256",
            "prompt": "none",
            "auth0Client": "****"
        "body": {},
        "geoip": {

Thanks for your help.

With best wishes,

Answer: because we have turned on the OIDC compliance flag.

Hey Jeremy,

not sure if you’re still looking for some hints in this matter.
The extra_params property is filled with the actual added query parameters in the request to the /authorize endpoint.

When the Lock (hosted) login page is rendered you’ll notice the url has changed to /login.
Changing the query params on that url does not modify the extra_params property.

I also don’t believe it’s possible to modify anything in the ‘context.request.query’ from the Lock screen/code or anywhere else outside of the actual Get request to the /authorize endpoint.

In short, it’s the application redirecting to Auth0 that decides what extra query parameters are included.

Hope it helps!