We have some issues with passing a flag from the Universal Login page to the Auth0 rules.
We have the following flow:
- Trigger the signup from our client landing page (JaaS landing page):
https://jaas.8x8.vc/login?mode=signUp&jaas=true
This calls the /authorize Auth0 endpoint:
https://eight.auth0.com/authorize?
redirect_uri=https://jaas.8x8.vc/login?jaas=true&mode=signUp&jaas=true&audience=XXXXXXXXXXX&is_vpaas=true&client_id=XXXXXXXXXXXXXX&response_type=code&scope=openid email offline_access&state=xk7t0C
- The endpoint redirects to our Universal Login page. Notice that the state changes from xk7t0C to hKFo2SBCQzFUNGpMQXFBREZGWHpoYTJpbkw0Rk9yX0FsVDhHZqFupWxvZ2luo3RpZNkgQlNlZ2FrdnRLdmxPVWFGQjNoSEpLQ1p3dVNlNHI1WjGjY2lk2SA1UDhNY2YySGNZelY3UU9qNnhGM0o5dVpLb2R5NzN3dQ:
https://eight.auth0.com/login?state=hKFo2SBCQzFUNGpMQXFBREZGWHpoYTJpbkw0Rk9yX0FsVDhHZqFupWxvZ2luo3RpZNkgQlNlZ2FrdnRLdmxPVWFGQjNoSEpLQ1p3dVNlNHI1WjGjY2lk2SA1UDhNY2YySGNZelY3UU9qNnhGM0o5dVpLb2R5NzN3dQ&
client=XXXXXXXXXXX&protocol=oauth2&redirect_uri=https://jaas.8x8.vc/login?jaas=true&mode=signUp&jaas=true&audience=XXXXXXXXXX&is_vpaas=true&response_type=code&scope=openid email offline_access
- We trigger a sign-up with Google, passing the user's selection for an optIn (opt_in) flag in the query:
https://eight.auth0.com/authorize?
client_id=XXXXXXXXXXX&response_type=code&scope=openid email offline_access&audience=XXXXXXXXXXXXXX&_csrf=gLQ79lAR-nRAh-mVEWXD7POIQzEoQy_eetSw&
state=hKFo2SBCQzFUNGpMQXFBREZGWHpoYTJpbkw0Rk9yX0FsVDhHZqFupWxvZ2luo3RpZNkgQlNlZ2FrdnRLdmxPVWFGQjNoSEpLQ1p3dVNlNHI1WjGjY2lk2SA1UDhNY2YySGNZelY3UU9qNnhGM0o5dVpLb2R5NzN3dQ&
_intstate=deprecated&connection=google-oauth2&opt_in=true&auth0Client=XXXXXXXXXXXXXXX
- The query params as seen in the auth0 login rules:
query {
  protocol: 'oauth2',
  redirect_uri: 'https://jaas.8x8.vc/login?jaas=true',
  mode: 'signUp',
  jaas: 'true',
  audience: XXXXXXXXXX,
  is_vpaas: 'true',
  client_id: 'XXXXXXXXXXXXXXXX',
  response_type: 'code',
  scope: 'openid email offline_access',
  state: 'xk7t0C'
}
Please note that the state value is the state of the initial /authorize request triggered from our client (JaaS landing page).
Also, the query params are the ones from the initial /authorize request; the optIn (opt_in) param sent on the social sign-up with Google is not present.
I did a few tests by manually passing the initial state value on the social sign-up with Google /authorize request. In this case I could see the opt_in param, but could not see the other query params we sent from the client in the Auth0 rules.
So because the state changes between the initial /authorize and the redirect to our Universal Login, we cannot obtain in the rule the opt_in query param value which is set on our Universal Login page.
Passing the optIn flag to the Auth0 rule does work when choosing the user/password connection, so the problem is only for social signup.
Please see another ticket reported by the community with an issue caused by the exact same behavior:
Do you have any suggestions on how we can pass our optIn(opt_in) value from our Universal Login page to the auth0 rule?
Thank you.