When the user clicks to accept an invitation to an organization, we redirect the user to the /authorize
endpoint, sending the invitation parameter and the redirectUri, among others. The user enters their credentials and logs in. Example call below:
/authorize?response_type=code&client_id={_authzKeys.ClientId}&invitation={invitation}&organization={organizationMetadata.AuthzId}&redirect_uri={_authzKeys.RedirectUri}
After that, we redirect the user to a page of ours for him to select which organization he wants to enter the application with. When he selects, we call the /continue endpoint,
sending the state as a parameter. We handle the onContinuePostLogin event to add the necessary properties for the logged-in user. Auth0 then executes the callback, but without the state parameter. Example:
https://mysite.com/home?code=XXX
If the user logs in without an invitation and selects the organization, the parameter is sent and the user remains logged into our application, going straight to a welcome screen.
https://mysite.com/home?code=XXX&state=YYY
Our problem is that without the parameter the user is not logged in, and therefore he is redirected back to our login page, even after he has already logged in. Do you have any thoughts on this?
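The /authorize call quoted in the post carries no state parameter, and under RFC 6749 section 4.1.2 an authorization server returns state in the callback only when the request included it. The following is an added example, not code from the post or from Auth0: it builds the same invitation request with a state value and checks the callback against it. The class, method names and sample values are hypothetical.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
using System.Web;

// Hypothetical helper; names and sample values are constructed for illustration.
public static class InvitationLogin
{
    // Unguessable state value (.NET 6+); store it in the user's session before redirecting.
    public static string NewState() =>
        Convert.ToBase64String(RandomNumberGenerator.GetBytes(32))
            .TrimEnd('=').Replace('+', '-').Replace('/', '_');

    // Same parameters as the /authorize call in the post, plus state.
    public static string BuildAuthorizeUrl(string clientId, string invitation,
        string organization, string redirectUri, string state)
    {
        var pairs = new[]
        {
            ("response_type", "code"), ("client_id", clientId),
            ("invitation", invitation), ("organization", organization),
            ("redirect_uri", redirectUri), ("state", state),
        };
        return "/authorize?" + string.Join("&", pairs.Select(p =>
            $"{Uri.EscapeDataString(p.Item1)}={Uri.EscapeDataString(p.Item2)}"));
    }

    // True only when the callback has a code and a state equal to the stored one.
    public static bool IsValidCallback(string callbackUrl, string expectedState)
    {
        var q = HttpUtility.ParseQueryString(new Uri(callbackUrl).Query);
        string code = q["code"], state = q["state"];
        if (string.IsNullOrEmpty(code) || string.IsNullOrEmpty(state)) return false;
        return CryptographicOperations.FixedTimeEquals(
            Encoding.UTF8.GetBytes(state), Encoding.UTF8.GetBytes(expectedState));
    }

    public static void Main()
    {
        string state = NewState();
        Console.WriteLine(BuildAuthorizeUrl("CLIENT_ID", "INVITE_TICKET", "ORG_ID",
            "https://mysite.com/home", state));
        // Callback shapes from the post: without state it is rejected, with it accepted.
        Console.WriteLine(IsValidCallback("https://mysite.com/home?code=XXX", state));
        Console.WriteLine(IsValidCallback(
            $"https://mysite.com/home?code=XXX&state={state}", state));
    }
}
```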