Passing data to action during login using scopes

Hello. This is a continuation of this post.

I need to pass some custom data into action during login and use that data to create a custom claim in the access token. From the post above, I found out I can send a random identifier as a query param of /authorize endpoint and read that param in action using event.request.query (like this => https://dev-my.domain.auth0.com/authorize?randomid=123).

By chance, I also found out I can do the same using scopes. I can send some random scope (like this => scope: 'openid email profile randomid:123') and read it using event.request.query before it gets removed (randomid:123 is not predefined in my API so it will get removed from the token at the end of auth flow).

Is this behavior with scopes intended? I would like to use scopes for this, but if this was not intended I’ll use query parameters instead. Also, I couldn’t find anything about this in the documentation.

Edit: I’m using authorization code flow

Thanks in advance

Hey there!

As this topic is related to Actions and Rules & Hooks are being deprecated soon in favor of Actions, I’m excited to let you know about our next Ask me Anything session in the Forum on Thursday, January 18 with the Rules, Hooks and Actions team on Rules & Hooks and why Actions matter! Submit your questions in the thread above and our esteemed product experts will provide written answers on January 18. Find out more about Rules & Hooks and why Actions matter! Can’t wait to see you there!

Learn more here!