State Parameter Is Not Appended in Redirect User Action

daboweiqi · May 4, 2022, 12:42pm

Hi there,

I’m trying to implement a customized 2FA for my login flow.
I followed the document of using Action to redirect user to my 2FA page. It seems the state parameter is not appended in the URL so when I redirect the user back to my auth0 page, it gives an error saying state parameter is not found. If I give an arbitrary state parameter, it gives me a 401 error.

Here is my action code, and it’s very simple. I’ve been digging in this forum and the docs for a while. It seems no one else has this issue. I appreciate your help.

/**
* @param {Event} event - Details about the user and the context in which they are logging in.
* @param {PostLoginAPI} api - Interface whose methods can be used to change the behavior of the login.
*/
exports.onExecutePostLogin = async (event, api) => {
  // Craft a signed session token
  const session_token = api.redirect.encodeToken({
    secret: event.secrets.MY_REDIRECT_SECRET,
    expiresInSeconds: 60, 
    payload: {
      // Custom claims to be added to the token
      email: event.user.email,
    },
  });

  // Send the user to https://my-app.exampleco.com along
  // with a `session_token` query string param including
  // the email.
  api.redirect.sendUserTo("http://localhost:3000/api/auth/auth0", {
    query: {session_token}
  });
}

daboweiqi · May 4, 2022, 12:49pm

I also tried a simple example in the doc. The state parameter is not appended, either.

\\ code
exports.onExecutePostLogin = async (event, api) => {
  api.redirect.sendUserTo("https://my-app.exampleco.com");
};
\\ test output
[
  {
    "resumeFn": "onContinuePostLogin",
    "type": "RedirectPrompt",
    "url": "https://my-app.exampleco.com/"
  }
]

daboweiqi · May 4, 2022, 8:12pm

Okay, I finally found where the state resides. It’s in event.transaction.state.

tyf · May 4, 2022, 9:34pm

Awesome, glad you were able to sort this out - Thanks for sharing with the community

daboweiqi · May 5, 2022, 7:35pm

It would be helpful if you can update the document which says the state parameter is automatically appended to the URL.

tyf · May 20, 2022, 7:35pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Action Redirect Does Not Allow to Add a "state" Parameter Knowledge Articles redirect , parameter , action	1	2516	September 19, 2023
Action Flow Redirect Help login-experience , new-universal-login-experience	2	986	February 6, 2023
State parameter and user redirection Help session , redirect , state	4	18834	March 2, 2018
Help with Action Redirects Help extensibility , deploy-cli	2	1868	January 8, 2024
State parameter not being injected into redirect url after accepting an invite Help auth0 , login	0	1826	March 15, 2022

State Parameter Is Not Appended in Redirect User Action

Related Topics