State Parameter Is Not Appended in Redirect User Action

Hi there,

I’m trying to implement a customized 2FA for my login flow.
I followed the documentation on using an Action to redirect the user to my 2FA page. It seems the state parameter is not appended to the URL, so when I redirect the user back to my Auth0 page, it gives an error saying the state parameter is not found. If I give an arbitrary state parameter, it gives me a 401 error.

Here is my action code, and it’s very simple. I’ve been digging in this forum and the docs for a while. It seems no one else has this issue. I appreciate your help.

```javascript
/**
 * @param {Event} event - Details about the user and the context in which they are logging in.
 * @param {PostLoginAPI} api - Interface whose methods can be used to change the behavior of the login.
 */
exports.onExecutePostLogin = async (event, api) => {
  // Craft a signed session token
  const session_token = api.redirect.encodeToken({
    secret: event.secrets.MY_REDIRECT_SECRET,
    expiresInSeconds: 60,
    payload: {
      // Custom claims to be added to the token
      email: event.user.email,
    },
  });

  // Send the user to https://my-app.exampleco.com along
  // with a `session_token` query string param including
  // the email.
  api.redirect.sendUserTo("http://localhost:3000/api/auth/auth0", {
    query: { session_token }
  });
};
```

I also tried a simple example in the doc. The state parameter is not appended, either.

Code:

```javascript
exports.onExecutePostLogin = async (event, api) => {
  api.redirect.sendUserTo("https://my-app.exampleco.com");
};
```

Test output:

```json
[
  {
    "resumeFn": "onContinuePostLogin",
    "type": "RedirectPrompt",
    "url": "https://my-app.exampleco.com/"
  }
]
```

Okay, I finally found where the state resides. It’s in event.transaction.state.


Awesome, glad you were able to sort this out - Thanks for sharing with the community!

It would be helpful if you could update the document that says the state parameter is automatically appended to the URL.

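For the page that receives this redirect, an added example (not code from the thread or from Auth0) of the two server-side steps: verifying the `session_token` and building the return URL that carries `state` back unchanged. It assumes the token produced by `api.redirect.encodeToken` is an HS256-signed JWT and that the login resumes at the tenant's `/continue` endpoint; the function names, tenant domain, secret and sample values are constructed for illustration.

```javascript
// Added example: server-side checks for the page that receives the redirect.
const crypto = require("crypto");

// Decode one base64url JWT segment into an object.
const decodeSegment = (seg) => JSON.parse(Buffer.from(seg, "base64url").toString("utf8"));

// Verify an HS256-signed token against the shared secret and return its claims.
// Throws on any failure so the caller never acts on unverified claims.
function verifySessionToken(token, secret, nowSeconds = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split(".");
  if (parts.length !== 3) throw new Error("malformed token");
  const [header, payload, signature] = parts;
  // Pin the algorithm instead of trusting whatever the header claims.
  if (decodeSegment(header).alg !== "HS256") throw new Error("unexpected algorithm");
  const expected = crypto.createHmac("sha256", secret).update(`${header}.${payload}`).digest();
  const given = Buffer.from(signature, "base64url");
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    throw new Error("bad signature");
  }
  const claims = decodeSegment(payload);
  if (typeof claims.exp !== "number" || claims.exp <= nowSeconds) throw new Error("token expired");
  return claims;
}

// Build the URL that sends the user back to resume the login, carrying the
// state value unchanged. tenantDomain is a placeholder for your own tenant.
function buildContinueUrl(tenantDomain, state) {
  if (typeof state !== "string" || state === "") throw new Error("missing state");
  const url = new URL(`https://${tenantDomain}/continue`);
  url.searchParams.set("state", state); // URL-encodes the value
  return url.toString();
}

// Constructed sample token (stand-in for what the Action issues), for offline runs.
function signSample(claims, secret) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");
  const body = `${enc({ alg: "HS256", typ: "JWT" })}.${enc(claims)}`;
  return `${body}.${crypto.createHmac("sha256", secret).update(body).digest("base64url")}`;
}

const SAMPLE_SECRET = "constructed-secret-for-this-example";
const sample = signSample({ email: "user@example.com", exp: 2000000000 }, SAMPLE_SECRET);
console.log(verifySessionToken(sample, SAMPLE_SECRET, 1700000000).email);
console.log(buildContinueUrl("tenant.example.com", "constructed-state-value"));
```

The 60-second `expiresInSeconds` in the Action above means the receiving page should verify the token as soon as the request arrives, before showing the 2FA prompt.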
