Problem with state param - passing a param from Universal Login to auth0 login rules

We have some issues with passing a flag from the Universal Login page to the auth0 rules.
We have the following flow:

  1. Trigger the signup from our client landing page (JaaS landing page):

https://jaas.8x8.vc/login?mode=signUp&jaas=true

This calls the /authorize auth0 endpoint:
https ://eight.auth0.com/authorize?
redirect_uri=https ://jaas.8x8.vc/login?jaas=true&mode=signUp&jaas=true&audience=XXXXXXXXXXX&is_vpaas=true&client_id=XXXXXXXXXXXXXX&response_type=code&scope=openid email offline_access&state=xk7t0C

  2. The endpoint redirects to our Universal Login page - notice the state changes from xk7t0C to hKFo2SBCQzFUNGpMQXFBREZGWHpoYTJpbkw0Rk9yX0FsVDhHZqFupWxvZ2luo3RpZNkgQlNlZ2FrdnRLdmxPVWFGQjNoSEpLQ1p3dVNlNHI1WjGjY2lk2SA1UDhNY2YySGNZelY3UU9qNnhGM0o5dVpLb2R5NzN3dQ:
    https ://eight.auth0.com/login?state=hKFo2SBCQzFUNGpMQXFBREZGWHpoYTJpbkw0Rk9yX0FsVDhHZqFupWxvZ2luo3RpZNkgQlNlZ2FrdnRLdmxPVWFGQjNoSEpLQ1p3dVNlNHI1WjGjY2lk2SA1UDhNY2YySGNZelY3UU9qNnhGM0o5dVpLb2R5NzN3dQ&
    client=XXXXXXXXXXX&protocol=oauth2&redirect_uri=https ://jaas.8x8.vc/login?jaas=true&mode=signUp&jaas=true&audience=XXXXXXXXXX&is_vpaas=true&response_type=code&scope=openid email offline_access

  3. We trigger a sign up with Google, passing the user’s selection for an optIn (opt_in) flag in the query:

https ://eight.auth0.com/authorize?
client_id=XXXXXXXXXXX&response_type=code&scope=openid email offline_access&audience=XXXXXXXXXXXXXX&_csrf=gLQ79lAR-nRAh-mVEWXD7POIQzEoQy_eetSw&
state=hKFo2SBCQzFUNGpMQXFBREZGWHpoYTJpbkw0Rk9yX0FsVDhHZqFupWxvZ2luo3RpZNkgQlNlZ2FrdnRLdmxPVWFGQjNoSEpLQ1p3dVNlNHI1WjGjY2lk2SA1UDhNY2YySGNZelY3UU9qNnhGM0o5dVpLb2R5NzN3dQ&
_intstate=deprecated&connection=google-oauth2&opt_in=true&auth0Client=XXXXXXXXXXXXXXX

  4. The query params as seen in the auth0 login rules:
    query {
    protocol: 'oauth2',
    redirect_uri: 'https ://jaas.8x8.vc/login?jaas=true',
    mode: 'signUp',
    jaas: 'true',
    audience: XXXXXXXXXX,
    is_vpaas: 'true',
    client_id: 'XXXXXXXXXXXXXXXX',
    response_type: 'code',
    scope: 'openid email offline_access',
    state: 'xk7t0C'
    }

Please note that the state value is the state of the initial /authorize request triggered from our client (JaaS landing page).
Also, the query params are the ones from the initial /authorize request; the optIn (opt_in) param sent on the social sign up with Google is not present.
I did a few tests by manually passing the initial state value on the social sign up with Google /authorize request. In this case I could see the opt_in param, but could not see the other query params we sent from the client in the auth0 rules.

So because the state changes between the initial /authorize and the redirect to our Universal Login, we cannot obtain in the rule the opt_in query param value which is set on our Universal Login page.

Passing the optIn flag to the auth0 rule does work when choosing the user/password connection, so the problem is only for social signup.

Please see another ticket reported by the community with an issue caused by the exact same behavior:

Do you have any suggestions on how we can pass our optIn (opt_in) value from our Universal Login page to the auth0 rule?

Thank you.