Anthony

Reputation: 1714

Use state in Auth0 rule

I’d like to pass a custom identifier into the Auth0 authorize endpoint. The value is a guid identifying the user in our database.

I’m passing it in the state parameter of the Auth0.js authorize function.

    this.auth0.authorize({
        initial_screen: 'signUp',
        lead_guid: leadGuid,
        state: leadGuid
    });

I can see the value of state in the rule but it’s encoded. The documentation suggests it’s base64 but it doesn’t decode.

Before the rule, in the hosted login page, if I grab the config, I get these values:

    "extraParams": {
      "initial_screen": "signUp",
      "lead_guid": "33071cf4-17c4-44fe-b573-fc86dfa7e413",
      "state": "ll8tw5lkrSELOf1cnTygwBlewWrRK_Zo"
    },
    "internalOptions": {
      "initial_screen": "signUp",
      "lead_guid": "33071cf4-17c4-44fe-b573-fc86dfa7e413",
      "state": "ll8tw5lkrSELOf1cnTygwBlewWrRK_Zo",
    },

The lead_guid is coming through to extraParams and internalOptions but the state value is not being set.

If I set the value in the object that gets passed to Lock as the Auth params:

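    // Overwrite the state value in both parameter sets before Lock is created
    if (leadGuid) {
      config.extraParams.state = leadGuid;
      config.internalOptions.state = leadGuid;
    }

    var lock = new Auth0Lock(config.clientID, config.auth0Domain, {
      auth: {
        redirectUrl: config.callbackURL,
        // Parentheses are needed: without them `||` binds tighter than `?:`
        // and response_type only selects between 'token' and 'code'
        responseType: (config.internalOptions || {}).response_type ||
          (config.callbackOnLocationHash ? 'token' : 'code'),
        params: config.internalOptions
      },
      // ... remaining Lock options as in the hosted login page
    });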

When I attempt to sign up, I get this error:

You may have pressed the back button, refreshed during login, opened too many login dialogs, or there is some issue with cookies, since we couldn't find your session. Try logging in again from the application and if the problem persists please contact the administrator.

If I initialize auth0.WebAuth with a custom state:

    auth0 = new auth0.WebAuth({
        clientID: environment.auth0.clientId,
        domain: environment.auth0.domain,
        responseType: 'token id_token',
        audience: environment.auth0.audience,
        redirectUri: environment.auth0.interactiveRedirectUri,
        scope: 'openid profile email',
        state: 'anthony'
    });

Then get the AuthResult state, I can see my custom value. The value logged by the rule seems to be the internal Auth0 state.

Is it possible for an Auth0 rule to get the value of state in plaintext so that it can be passed to a webhook?

Upvotes: 3

Views: 949

Answers (1)

Anthony

Reputation: 1714

Changed the call to

    this.auth0.authorize({
        initial_screen: 'signUp',
        lead_guid: leadGuid,
    });

The lead_guid is available in the Auth0 rule using context.request.query.lead_guid

Upvotes: 4
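
An added example, not part of the original answer: a sketch of a rule that reads `context.request.query.lead_guid` and forwards it to a webhook only after checking that it is a well-formed GUID, since the value arrives as a client-supplied query parameter. The names `GUID_RE`, `extractLeadGuid`, `leadGuidRule` and `notifyWebhook` are hypothetical, and the fourth argument is an assumption made so the example runs without network access; in a deployed rule the function takes `(user, context, callback)` and makes the HTTP call itself.

```javascript
// Added example. Only the (user, context, callback) rule shape and
// context.request.query.lead_guid come from the page; all other names
// are hypothetical.

// Canonical 8-4-4-4-12 hex GUID, the shape of the lead_guid in the question.
const GUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;

// Returns a lower-cased GUID string, or null when the parameter is absent,
// repeated (parsed as an array) or not a well-formed GUID.
function extractLeadGuid(context) {
  const query = (context && context.request && context.request.query) || {};
  const raw = query.lead_guid;
  if (typeof raw !== 'string' || !GUID_RE.test(raw)) return null;
  return raw.toLowerCase();
}

// Rule body. notifyWebhook(payload, done) stands in for the HTTP POST to the
// webhook (assumption: injected here so the example is testable offline).
function leadGuidRule(user, context, callback, notifyWebhook) {
  const leadGuid = extractLeadGuid(context);
  if (!leadGuid) {
    // Nothing validated to forward; the login continues unchanged.
    return callback(null, user, context);
  }
  notifyWebhook({ user_id: user.user_id, lead_guid: leadGuid }, function (err) {
    // Design choice in this sketch: a webhook failure is logged, not fatal.
    if (err) console.log('lead webhook failed: ' + err.message);
    callback(null, user, context);
  });
}
```

The webhook receiver should still confirm that the GUID refers to a lead it expects, because a syntactically valid value can be chosen by whoever builds the authorize URL.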
