This one is in the weeds so probably need a auth0 guru to respond.
BASIC FACTS:
- I am using auth0.js and lock to authenticate.
- Passing in a state
- Using Rules
All is working well except one scenario. I am passing in the state and on callback it comes back correctly. However in my situation I pass the state back to my API in a RULE.
Here is the kicker - the state is what I expect to receive in all situations EXCEPT when the user uses Username-Password and is not remembered.
So if I login using any social provider - WORKS
If I login as username and password - first time it FAILS (state is no longer the value I sent in)
If I relogin and it remembers my username and password - WORKS
The state I am sending in is a GUID for example: 99999999-9999-9999-9999-999999999999
What I see when it is failing is a 32 character string - and it is different on each call, example: LypO4is6v8fKG3CgLqU0sVFmAJoQr6Y6
PS You may come back and tell me I should not be relying on state at the RULE level. If this is the answer what is the best way to send in a GUID that will be passed through to the RULE.