State Parameter Is Not Appended in Redirect User Action

daboweiqi · May 4, 2022, 12:42pm

Hi there,

I’m trying to implement a customized 2FA for my login flow.
I followed the document of using Action to redirect user to my 2FA page. It seems the state parameter is not appended in the URL so when I redirect the user back to my auth0 page, it gives an error saying state parameter is not found. If I give an arbitrary state parameter, it gives me a 401 error.

Here is my action code, and it’s very simple. I’ve been digging in this forum and the docs for a while. It seems no one else has this issue. I appreciate your help.

/**
* @param {Event} event - Details about the user and the context in which they are logging in.
* @param {PostLoginAPI} api - Interface whose methods can be used to change the behavior of the login.
*/
exports.onExecutePostLogin = async (event, api) => {
  // Craft a signed session token
  const session_token = api.redirect.encodeToken({
    secret: event.secrets.MY_REDIRECT_SECRET,
    expiresInSeconds: 60, 
    payload: {
      // Custom claims to be added to the token
      email: event.user.email,
    },
  });

  // Send the user to https://my-app.exampleco.com along
  // with a `session_token` query string param including
  // the email.
  api.redirect.sendUserTo("http://localhost:3000/api/auth/auth0", {
    query: {session_token}
  });
}

daboweiqi · May 4, 2022, 12:49pm

I also tried a simple example in the doc. The state parameter is not appended, either.

\\ code
exports.onExecutePostLogin = async (event, api) => {
  api.redirect.sendUserTo("https://my-app.exampleco.com");
};
\\ test output
[
  {
    "resumeFn": "onContinuePostLogin",
    "type": "RedirectPrompt",
    "url": "https://my-app.exampleco.com/"
  }
]

daboweiqi · May 4, 2022, 8:12pm

Okay, I finally found where the state resides. It’s in event.transaction.state.

ty.frith · May 4, 2022, 9:34pm

Awesome, glad you were able to sort this out - Thanks for sharing with the community

daboweiqi · May 5, 2022, 7:35pm

It would be helpful if you can update the document which says the state parameter is automatically appended to the URL.

ty.frith · May 20, 2022, 7:35pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
state: return_url not behaving as expected Get Help state	2	3767	March 2, 2018
Pass custom parameters on Auth0 login redirect Get Help auth0js	3	12824	February 11, 2019
State parameter and user redirection Get Help session , redirect , state	4	19829	March 2, 2018
How to use fragment and appState in RedirectLoginOptions Get Help	4	4228	March 9, 2021
State parameter changing Get Help state	2	4240	August 26, 2019

State Parameter Is Not Appended in Redirect User Action

Related topics