State Parameter Is Not Appended in Redirect User Action

Hi there,

I’m trying to implement a customized 2FA for my login flow.
I followed the document of using Action to redirect user to my 2FA page. It seems the state parameter is not appended in the URL so when I redirect the user back to my auth0 page, it gives an error saying state parameter is not found. If I give an arbitrary state parameter, it gives me a 401 error.

Here is my action code, and it’s very simple. I’ve been digging in this forum and the docs for a while. It seems no one else has this issue. I appreciate your help.

/**
* @param {Event} event - Details about the user and the context in which they are logging in.
* @param {PostLoginAPI} api - Interface whose methods can be used to change the behavior of the login.
*/
exports.onExecutePostLogin = async (event, api) => {
  // Craft a signed session token
  const session_token = api.redirect.encodeToken({
    secret: event.secrets.MY_REDIRECT_SECRET,
    expiresInSeconds: 60, 
    payload: {
      // Custom claims to be added to the token
      email: event.user.email,
    },
  });

  // Send the user to https://my-app.exampleco.com along
  // with a `session_token` query string param including
  // the email.
  api.redirect.sendUserTo("http://localhost:3000/api/auth/auth0", {
    query: {session_token}
  });
}

I also tried a simple example in the doc. The state parameter is not appended, either.

\\ code
exports.onExecutePostLogin = async (event, api) => {
  api.redirect.sendUserTo("https://my-app.exampleco.com");
};
\\ test output
[
  {
    "resumeFn": "onContinuePostLogin",
    "type": "RedirectPrompt",
    "url": "https://my-app.exampleco.com/"
  }
]

Okay, I finally found where the state resides. It’s in event.transaction.state.

1 Like

Awesome, glad you were able to sort this out - Thanks for sharing with the community :slight_smile:

It would be helpful if you can update the document which says the state parameter is automatically appended to the URL.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.