Rails Quickstart - how to redirect to another page. Hardcoded in controller

I’ve implemented the rails Quickstart as shown by Auth0. However the callback in the controller is hardcoded to go to a single location (in this case dashboard). I want to be able to send in the callback a way to select another url. What I want to do is include the Secured concern in another controller so if the user selects a route to that controller before being authenticated that it goes to Auth0 and then once authenticated it returns to that controller and not to a hardcoded page like dashboard (or any other hardcoded page)

class Auth0Controller < ApplicationController
  def callback
    # OmniAuth stores the information returned from Auth0 and the IdP in request.env['omniauth.auth'].
    # In this sample, you will pull the raw_info supplied from the id_token.
    # If the id_token is needed, you can get it from session[:userinfo]['credentials']['id_token'].
    # Refer to https://github.com/auth0/omniauth-auth0#authentication-hash for complete information on 'omniauth.auth' contents.
    puts request.inspect
    session[:userinfo] = request.env['omniauth.auth']['extra']['raw_info']

    redirect_to '/dashboard'
  end

  # if user authentication fails on the provider side OmniAuth will redirect to /auth/failure,
  # passing the error message in the 'message' request param.
  def failure
    @error_msg = request.params['message']
  end

  def logout
    reset_session
    redirect_to logout_url, allow_other_host: true
  end

  private

  AUTH0_CONFIG = Rails.application.config.auth0

  def logout_url

    request_params = {
      returnTo: root_url,
      client_id: Rails.application.config.auth0['auth0_client_id']
    }

    URI::HTTPS.build(host: AUTH0_CONFIG['auth0_domain'], path: '/v2/logout', query: request_params.to_query).to_s
  end
end

I suspect the answer is to send a state parameter with the auth post but when I do the state does not return in the callback. In fact the state seems to be self generated somewhere in the ouauth-auth0 gem. Observe here when I sent the auth with a state of 12. The Gem seems to generate a state of ac44a8e8697d81d096067364db9e79c0ad804363d1bb080c which is in fact returned in the callback.

08:48:33 web.1 | Started POST “/auth/auth0?state=12” for ::1 at 2022-11-18 08:48:33 -0500
08:48:33 web.1 | D, [2022-11-18T08:48:33.014452 #24526] DEBUG – omniauth: (auth0) Request phase initiated.
08:48:50 web.1 | Started GET “/auth/auth0/callback?state=ac44a8e8697d81d096067364db9e79c0ad804363d1bb080c&code=M0qV3Q9_UC-93saObl5_Aqqa45MVL2id5cUyJqNnTG4bP” for ::1 at 2022-11-18 08:48:50 -0500
08:48:50 web.1 | D, [2022-11-18T08:48:50.301559 #24526] DEBUG – omniauth: (auth0) Callback phase initiated.
08:48:50 web.1 | OAuth2::AccessToken.from_hash: hash contained more than one ‘token’ key ([“access_token”, “id_token”]); using “access_token”.
08:48:50 web.1 | Processing by Auth0Controller#callback as HTML
08:48:50 web.1 | Parameters: {“state”=>“ac44a8e8697d81d096067364db9e79c0ad804363d1bb080c”, “code”=>“M0qV3Q9_UC-93saObl5_Aqqa45MVL2id5cUyJqNnTG4bP”}
08:48:50 web.1 | #<ActionDispatch::Request GET “http://localhost:3001/auth/auth0/callback?state=ac44a8e8697d81d096067364db9e79c0ad804363d1bb080c&code=M0qV3Q9_UC-93saObl5_Aqqa45MVL2id5cUyJqNnTG4bP” for ::1>
08:48:50 web.1 | Redirected to http://localhost:3001/dashboard
08:48:50 web.1 | Completed 302 Found in 0ms (Allocations: 168)

How do I either

  1. set the state myself to come back to me? or
  2. access the gem created state so presumably I can store something in the session and get it back on the return?

Also, I have not been able to find where the auth/auth0 route is handled in the omniauth-auth0 gem. I think I would need to intercept the route and save state before it is called so if anyone knows where that lives it would also be help.

I had the exact same questions. Did you find answers to them?