Hi there,
I’m trying to implement a customized 2FA for my login flow.
I followed the document of using Action to redirect user to my 2FA page. It seems the state parameter is not appended in the URL so when I redirect the user back to my auth0 page, it gives an error saying state parameter is not found. If I give an arbitrary state parameter, it gives me a 401 error.
Here is my action code, and it’s very simple. I’ve been digging in this forum and the docs for a while. It seems no one else has this issue. I appreciate your help.
/**
* @param {Event} event - Details about the user and the context in which they are logging in.
* @param {PostLoginAPI} api - Interface whose methods can be used to change the behavior of the login.
*/
exports.onExecutePostLogin = async (event, api) => {
// Craft a signed session token
const session_token = api.redirect.encodeToken({
secret: event.secrets.MY_REDIRECT_SECRET,
expiresInSeconds: 60,
payload: {
// Custom claims to be added to the token
email: event.user.email,
},
});
// Send the user to https://my-app.exampleco.com along
// with a `session_token` query string param including
// the email.
api.redirect.sendUserTo("http://localhost:3000/api/auth/auth0", {
query: {session_token}
});
}