[Rules redirect] Pass data from redirect page back to rule engine

Is there any way to pass data back to the Auth0 rule engine through the HTTP request?

Example:
A single user can have multiple login contexts (a, b and c). When the user logs on, we want the selected context to be included in a claim. We redirect the user to an external page during the authentication process, and have him select which context he wants to log in to. Can we pass that selected context back to the rules through the callback request (/continue?state)?

If the context is not sensitive information, you could pass it back in the /continue callback (alongside the mandatory state parameter). You would always need to check if the user is actually allowed in the selected context further along. Say a user gets redirected, then selects “context A”, then they manually change it to “context X” on the query string. The rule better check that “X” is invalid.

If you want to prevent tampering of the selection, you can pass it back as a JWT (signed with a common secret between the rule and your redirect hosting app), and with a very short expiration.

6 Likes

Thanks for the answer. Yes, that was what I thought as well. I could however not find any way of getting that query parameter inside the rules. Could you tell me where I would be able to get this information? I’ve tried looking in the context parameter, but couldn’t find it.

Bump. Still wondering how to do this.

EDIT: No, I finally figured it out. It was context.request.query, but I got fooled by the fact that console.log(context) only displayed the first two levels, and listed the query part as Object.

Consider this solved 🙂 Thanks for the help, @Eugenio_Pace

Glad to hear it. JSON.stringify is your friend. Good luck!

2 Likes
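
An added example, not part of any post in this thread: one way the signed, short-lived selection suggested above could be issued by the redirect page and checked on the rule side before it is put into a claim. The `selection` query parameter, the function names, the secret and the allowed-context list are assumptions for illustration; inside a rule the query object would be `context.request.query`.

```javascript
// Added example: HS256 check of a signed selection returned on /continue.
const nodeCrypto = require('crypto');

const b64url = (buf) => Buffer.from(buf).toString('base64url');
const hmac = (data, secret) =>
  nodeCrypto.createHmac('sha256', secret).update(data).digest();

// Redirect app side (hypothetical helper): sign the selection, short lifetime.
function signSelection(selected, secret, nowSec, ttlSec = 60) {
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify({ selected, exp: nowSec + ttlSec }));
  return `${head}.${body}.${b64url(hmac(`${head}.${body}`, secret))}`;
}

// Rule side (hypothetical helper): returns the verified context or throws.
function verifySelection(query, secret, allowedContexts, nowSec) {
  const parts = String(query.selection || '').split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [head, body, sig] = parts;
  const expected = hmac(`${head}.${body}`, secret);
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length ||
      !nodeCrypto.timingSafeEqual(given, expected)) {
    throw new Error('bad signature');
  }
  // Parse only after the signature has been verified.
  const header = JSON.parse(Buffer.from(head, 'base64url').toString());
  const claims = JSON.parse(Buffer.from(body, 'base64url').toString());
  if (header.alg !== 'HS256') throw new Error('unexpected alg');
  if (typeof claims.exp !== 'number' || claims.exp <= nowSec) {
    throw new Error('expired');
  }
  // The signature only proves who issued the value; the user must still
  // be entitled to the selected context.
  if (!allowedContexts.includes(claims.selected)) {
    throw new Error('context not allowed for user');
  }
  return claims.selected;
}

// Constructed sample standing in for context.request.query.
const SECRET = 'constructed-demo-secret';
const NOW = 1700000000;
const sampleQuery = { state: 'abc', selection: signSelection('b', SECRET, NOW) };
```
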
