Send additional params to identity providers link
Can we send additional query params to the identity provider links during registration from the registration form?
joshua last edited by
Can you confirm the flow that you are looking to enable?
A bit more detail might be helpful to ensure that we are best addressing your root question.
@joshua, thanks for your reply. What we are looking for is this: we want to save the invite token after someone registers through any of the identity providers we have enabled. For that, we have to send query params when someone clicks on any of the identity providers. We are sending that invite token through a query param into the FusionAuth registration form, but after that we have to pass it to the identity providers so that when it redirects back we can save that token in the user.data.* object.
@joshua To add on to what @adil was saying, we want to be able to block users from signing up for the app unless they have an invite token. The invite token may not have an email address associated with it which matches the login they create (e.g. if we create a user/register a user with an Apple ID, the email for the account will be the proxy email Apple gives out, not their actual email).
Currently, we are set up so that when a user logs in with an Identity Provider account (e.g. Google, Apple, etc.) it will autocreate a FusionAuth user account and register that user with our application.
Our initial screen gives the option to enter an invite code or log in, kicking off two flows:
Invite Code Flow
We send the invite code as an additional parameter in the query string to the OAuth login page. We can get the parameter and pass it along to the other pages in the login flow by modifying the theme templates. However, if they choose to create an account with one of the IdPs, we lose the identity token when it reverts to a flow controlled by the template (actually, in the current version it doesn't seem to hit the template at all).
What we'd like to do is include the invite token in the webhook call back to our main server either when the user account is created or when the registration for that new user account is performed. This would allow us to expire the invite token and associate the FusionAuth user with the invite. The only place available to put custom data seems to be the data section of the user object itself. We can't figure out how to include additional information in the redirect URL, however (we can't populate state, since that's already used for what seems like a CSRF token).
The broader question here is: how can we associate our own state with the account creation/registration process such that we're able to pass that state back to either our server (via webhook) or to the client hosting the page (the final redirect FusionAuth does back to the main application)?
If the user enters the login page without the invite token, we'd like to prevent logging in with an IdP account from autocreating a user account, registering it with the application, and logging the user in. Alternatively, if we're not able to block account creation under those circumstances, we'd like to be able to determine that the account was created without an invite token (we could do some more complicated logic to remove the account and prevent the user from actually logging in).
joshua last edited by joshua
Thanks for the additional information! It sounds like this is already an active issue that you can upvote for consideration into future versions of FusionAuth.
If a good workaround comes to mind, I will be sure to let you know.