Skip to content

Some query parameters for Auth0 not passing through #239

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
JasonNoonan opened this issue Feb 1, 2023 · 2 comments
Open

Some query parameters for Auth0 not passing through #239

JasonNoonan opened this issue Feb 1, 2023 · 2 comments

Comments

@JasonNoonan
Copy link

When trying to pass some Auth0-supported custom query parameters through Ueberauth to the /authorize endpoint on auth0, it appears that the additional query parameters are not getting through. We have a custom template loaded in our Auth0 Universal Login, which makes use of ext-register-title and ext-register-subtitle params to customize the title and description on our prompt.

For instance, if I call /auth/auth0?ext-register-title=test, I would expect the auth0 prompt that I'm receiving to show the title as "test" instead of welcome due to our Universal Login template, but I can see in the network tab that the query parameter is never getting passed through.

I've made some modifications locally to the allowed params this library uses and confirmed that it can work, but I imagine you all don't want to accept a bunch of random PRs asking for "please approve ext-my-var query params".

Is there a way to accomplish what I'm after without modifying the existing library? something I'm missing with config or setup for the auth0 strategy that would pass this value through?

My colleague proposed an idea of allowing the user to provide a list of ext_params to the strategy's config list providing a map of the params to their default values, which could then be appended to the pass-through params after the allowed params were iterated, but we're unsure if you'd be open to such a PR and wanted to see if there was an alternative way to accomplish this that we're missing.
@JasonNoonan
Copy link
Author

Hi, I just wanted to follow up on this. Am I barking up the wrong tree with this request or is there any assistance I can get with resolving the problem?

Thank you for your time!

@njausteve
Copy link

njausteve commented Jul 20, 2023
edited
Loading

@JasonNoonan I've had a similar case where we needed to allow some UTM parameters and this is how we did it. Not sure whether you've already tried that.

# Ueberauth Auth0 configuration
config :ueberauth, Ueberauth,
  providers: [
    auth0: {
      Ueberauth.Strategy.Auth0,
      [
        default_scope: "openid name email",
        allowed_request_params: [
          :scope,
          :state,
          :audience,
          :connection,
          :prompt,
          :screen_hint,
          :login_hint,
          :utm_source,
          :utm_content,
          :utm_medium,
          :utm_campaign,
          :utm_term
        ]
      ]
    }
  ]

In this case, the :utm_** keys are a list of external parameters allowed through

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@njausteve @JasonNoonan