I am using Auth0.js v9.8.2 in my React SPA with a custom UI. When the authentication is successful, Auth0 redirects to the redirect URL which was passed to the WebAuth constructor. At redirection, the URL contains the hash of authentication response. My question is that is it possible to pass a custom parameter so that it is included in the Redirect URI along with the hash.
Hi Abhishek. The only parameter of the authentication request that will be returned in the authentication response is the state parameter, which applications should use to:
- Prevent CSRF login attacks
- Restore application state before the authentication request.
Auth0.js does the first part automatically (it generates a random state that stores client-side and checks that it matches the one returned in the response). Auth0.js can also help you restore application state by storing data locally associated to that state and giving you the data back on the response by using the appState option on the authorize() request (this one):
this.auth0.authorize( {
appState: {
[..] // any values that you want back on the authentication response
}
});
You’ll get the appState back as part of the authResult of parseHash (e.g. here).
Note that the values you provide are stored in a (short-lived) cookie (or localStorage, depending on the version), so you’ll want to keep the size under control.
2 Likes
Thanks. Worked like a charm.
1 Like
This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.