Send custom params on login with user and password

I want to send custom parameters on signup when I use .redirect.signupAndLogin to receive them with on callback. I’m using the state prop with .authorize when signup with social networks and It works fine but it doesn’t work with signupAndLogin. Are there an option to do that?

Thanks!

Hey @osvald01 - welcome to the Auth0 Community!

Could you please clarify what you mean by a social signup? Social connections are federations into Auth0 - technically, there is no signup, but only a first login, since the account is already created in the IdP you’re federating from.

The state is supposed to be used to prevent CSRF attacks, so I highly recommend using it for that rather than to return a custom parameter.

What are you trying to achieve with this custom parameter? There might be a different solution that we could use in order to achieve it.

Yes, when I say social signup I’m talking about login with google, facebook, etc.
I want to send a parameter to through auth0 to receive it in my app again when auth0 back to callback url.

@osvald01 What do you intend to do with this parameter? Could you provide some more clarity as to what you would like to achieve when sending out and receiving back this value?

I want to use those parameters to send some values through an API if the login is success.

@osvald01 Unfortunately, you still haven’t provided me with enough data like to be able to provide a customized suggestion. So, I’ll go a bit more generic here.

You should do either one of two things:

  1. This value should be enriched in the token (Create Custom Claims), or, on the other hand
  2. The callback URL should be handle this situation within the application and without involving Auth0.

I’ll try to be more clear. I have a react app and I want to use an url with an invite code as a query parameter. When the user click on the url the app display a signup/signin page. When the user click any option to authenticate I want to send the invite code parameter to auth0 to have it in the callback url.

Hey @osvald01,

That makes sense!

In this case, Auth0 does not automatically return random parameters that might be appended to the querystring. So, what you are requesting, exactly, can not be achieved. However, you can do the following (I just tested it):

1.- Append an invite_code querystring parameter (or however you want to call it) in your transactions
2.- Create a rule that works as a conditional, where if context.request.query contains invite_code, then do an action. You can find more about the Context Object in Rules here: Context Object Properties in Rules

Now, for the action within the Rule, there are a couple things you can do:

a) You could enrich the Access or ID token
b) You could add this value in the user’s Metadata by leveraging Metadata in Rules (I personally recommend using app_metadata for this), and this would even avoid duplication/multiple instance of the invite_code value as you can do a check within the Rule itself by reading the user object available to you

In either of these, your application will have to attempt to grab the value, and, if successful, use it wherever you’d like.

Let me know if this provides some more clarity.

Excellent! Thank you very much :+1:

Hi,

I have some follow up questions to the solution described here. In the following suggestion:

1.- Append an invite_code querystring parameter (or however you want to call it) in your transactions

What do “transaction” refer to?

Lets say I have an invite link like www.example.com/invite/my-invite-code, when I click on this link and get redirected to the Auth0 login page, how do I make sure my-invite-code was propagated? In other words, is there a way to automatically append it to custom query params, or in some cookie, or encode it in the state query param?

Additionally, how do I get access to the invite code inside Custom Database functions? It looks like the context object is not available in Custom Database functions. For some background here, in my system, the invite code will be linked to a shell user record, which I would like to update through Custom Database Functions upon creating the account in Auth0.

Thanks!