Reputation: 1214
Google OAuth Redirect With Query String Possible?
Is it possible to pass a parameter to web page via the OAuth redirect URL once the user authenticates? I have specified a parameter on the redirect URL in the Google credentials configuration page but it is not being passed. I'd like to get the value of foo below:
https://example.com/Test?foo=1234
Upvotes: 1
Views: 6343
Answers (1)
Reputation: 2048
I'm guessing you want to use the query parameter to encode some sort of information that will track the OAuth flow on your end. In that case, you would need to use the state parameter. You will get the state parameter back as a parameter to your redirect_uri
More information:
https://developers.google.com/identity/protocols/OpenIDConnect#sendauthrequest
https://developers.google.com/identity/protocols/OpenIDConnect#state-param
The state can be useful for correlating requests and responses. Because your redirect_uri can be guessed, using a state value can increase your assurance that an incoming connection is the result of an authentication request. If you generate a random string or encode the hash of some client state (e.g., a cookie) in this state variable, you can validate the response to additionally ensure that the request and response originated in the same browser. This provides protection against attacks such as cross-site request forgery.
Upvotes: 5
Related Questions
- Google OAuth 2.0 redirect_uri with several parameters
- Google API : is there a more 'flexible' way to specify redirect URIs?
- how to specify the redirect url for the google sign-in button
- Google Oauth redirect to ios custom url
- Google auth - any way to have custom data sent back in redirect URL?
- Google APi- Redirect URL
- Are querystring parameters supported in OAuth 2.0 redirect URLs?
- How to add query params to google oauth in golang?
- Google Authorized redirect URIs
- Can Google Oauth redirect_uri be configured with pattern?