Hello. This is a continuation of this post.
I need to pass some custom data into action during login and use that data to create a custom claim in the access token. From the post above, I found out I can send a random identifier as a query param of /authorize endpoint and read that param in action using event.request.query (like this => https://dev-my.domain.auth0.com/authorize?randomid=123).
By chance, I also found out I can do the same using scopes. I can send some random scope (like this => scope: 'openid email profile randomid:123') and read it using event.request.query before it gets removed (randomid:123 is not predefined in my API so it will get removed from the token at the end of auth flow).
Is this behavior with scopes intended? I would like to use scopes for this, but if this was not intended I’ll use query parameters instead. Also, I couldn’t find anything about this in the documentation.
Edit: I’m using authorization code flow
Thanks in advance