We intended to implement a custom OTP implementation using the “Redirect Users from rules” feature similar to the example documented here: https://auth0.com/docs/rules/redirect . The feature is explicitly referred to as relating to redirect but the important part to us is the ability to suspend/resume the authentication flow using the state value.
We are currently using /oauth/ro and have no easy migration path so want to keep using it (see https://community.auth0.com/questions/1241/spa-with-hosted-login-page-upgrading-from-auth0js).
The “Redirect Users from rules” feature is not compatible with /oauth/ro since it’s consumed as an ajax call. Do we have alternatives that would not involve upgrade to v8, redirects or sso sessions? E.g.: Any way to get the ‘resume’ state in the rule itself (to call another endpoint from the rule) or maybe include ‘resume’ state in the json response for /oauth/ro?
I also understand the flow can’t continue from an ajax call so a redirectUrl being passed in on the initial ‘/auth/ro’ call would be needed with anticipation on OTP.