PKCE code is dropped on sendUserTo

I’m trying to add a custom Action to the post-Login flow. The flow itself is PKCE-based and therefore requires the code value generated in the auth flow to be included in the final redirect back to our application from Auth0.

The Action I’ve written uses the sendUserTo redirect so that they go to our server in order to store some metadata before going back to Auth0 to complete the auth flow. However, the code parameter is stripped from the URL and therefore the auth flow fails when the user lands back in our app.

Just to be clear, the standard auth flow works, and passes both the required state and code params through to our app.

I found this older post, which describes exactly the same problem but that got closed without any explanation for how to ensure the code parameter was dropped after calling sendUserTo: Redirect with `code` on onExecutePostLogin

1 Like

Same issue here. Can someone please help out here?