Store referral code for later during signup (for later retreival)?

I want to store a referral field when a user signs up.

  • When we send a referral email to a user, it contains a link directs them to our univeral login signup page.
  • After a user signs up, the are directed to a page that tells them to check their inbox and verify their email.
  • Upon verifying their email, they are redirected to our account setup page, which contains the referral code field.
  • I would like to pre-populate this referral code.
  • I tried putting the code as a query param for the redirect_uri. But this doesn’t work because at the time of the redirect, the user has not verified their email yet.

I am directing the users to:

In the onExecutePreUserRegistration event, I could store the code in the meta data. But I am not sure where to grab the code from. The following doesn’t seem to work, as referralCode seems to be undefined.

exports.onExecutePreUserRegistration = async (event, api) => {
  const referralCode = event.request['referralCode'];
  if(referralCode) {
    api.user.setAppMetadata('referral_code', referralCode);

I don’t seem to be able to make this work using my custom query parameter. But if I hijack the state variable, I can pull the code from there. Is that bad?

In otherwords, I redirect the user to

exports.onExecutePreUserRegistration = async (event, api) => {
  const referralCode = event.transaction?.state;
  if(referralCode) {
    api.user.setAppMetadata('referral_code', referralCode);

The above only seems to work on the test run when editing the application. When I do an actual login, for some reason event.transaction?.state is undefined. Even though in the logs it shows that the state does exist:

    "actions": {
      "executions": [
    "body": {
      "connection": "Username-Password-Authentication",
      "client_id": "asdfasdfasdfasdfas",
      "email": "",
      "password": "*****",
      "is_signup": true,
      "tenant": "test-tenant",
      "transaction": {
        "id": "dZYS-jK0ldnD5WS7Yk3kxM8TmgxyVd-PC",
        "locale": "en",
        "protocol": "oidc-basic-profile",
        "requested_scopes": [],
        "acr_values": [],
        "ui_locales": [],
        "redirect_uri": "",
        "prompt": [],
        "state": "test-referral-code-8888",
        "login_hint": null,
        "response_mode": null,
        "response_type": [
      "form": {},
      "request_language": "en-US,en;q=0.9"
    "authentication_methods": [

Why is the state undefined in my event handler?

Hi @shea,

It’s not possible to send a param with the request to signup and retrieve it in a pre reg action. More info here. Even more info here.

Hijacking the state could be a security risk. I can’t suggest that strategy either.

This may be something you want to handle in the background before sending the user to the registration page.

Hope this helps!

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.