I have a simple Node app which uses OAuth2. Our app calls another app to authorize my user, and it sends the user back to my app. So the flow is: the user triggers an action which redirects them to an outside server. Upon successful login they are redirected back to our app. The problem is I need some info, like user info from the first call, which is lost when they come back to my app at a different endpoint. I am using hapi and the simple-oauth2 lib.
// hapi routes
server.route([
  {
    method: 'GET',
    path: '/validate',
    handler: function (request, h) {
      var params = request.query;
      var userId = params.userId;
      var info = params.info;
      // .....
      return h.redirect(authorizationUri);
    }
  },
  {
    method: 'GET',
    path: '/callback',
    handler: function (request, h) {
      var token = getTokenUsingSimpleOAuth2Lib(request);
      // I do not have access to userId and info from the original client request
      saveTokenWithUserIdAndInfo(token, userId, info);
    }
  }
]);
As shown above, in the second callback I do not have that information from the original call. I am guessing we can use caching as storage, or even an encrypted 'state' field of the OAuth2 request. I am trying to learn the standard way of doing this. Any suggestions?
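
One way to carry `userId` and `info` across the redirect, as an added example that is not part of the original post: keep the context server-side under a random, single-use, expiring `state` value, so nothing sensitive travels in the URL and a forged or replayed callback is rejected. The function names, the `sessionId` argument (an identifier from the app's own session cookie) and the example.com URLs are assumptions.

```javascript
const crypto = require('crypto');

const STATE_TTL_MS = 10 * 60 * 1000; // assumption: ten minutes covers a login round trip
const pending = new Map();           // demo store; use a shared cache when running several instances

// /validate: stash the context and get back the value to send as `state`.
// sessionId is an assumption: an identifier from the app's own session cookie.
function rememberContext(sessionId, context, now = Date.now()) {
  const state = crypto.randomBytes(32).toString('base64url'); // unguessable and URL-safe
  pending.set(state, { sessionId, context, expires: now + STATE_TTL_MS });
  return state;
}

// /callback: look up request.query.state; returns the context once, otherwise null.
function consumeContext(sessionId, state, now = Date.now()) {
  if (typeof state !== 'string') return null;
  const entry = pending.get(state);
  if (!entry) return null;                        // unknown or already used
  pending.delete(state);                          // single use, even when a later check fails
  if (now > entry.expires) return null;           // login took too long
  if (entry.sessionId !== sessionId) return null; // callback came from a different browser
  return entry.context;
}

// Authorization URL carrying the state (host, client_id and redirect_uri are constructed values).
function buildAuthorizationUri(state) {
  const url = new URL('https://auth.example.com/oauth/authorize');
  url.searchParams.set('response_type', 'code');
  url.searchParams.set('client_id', 'demo-client');
  url.searchParams.set('redirect_uri', 'https://app.example.com/callback');
  url.searchParams.set('state', state);
  return url.toString();
}

// Wiring into the two handlers from the question (hypothetical):
//   /validate: const state = rememberContext(sessionId, { userId, info });
//              return h.redirect(buildAuthorizationUri(state));
//   /callback: const ctx = consumeContext(sessionId, request.query.state);
//              if (!ctx) return h.response('invalid state').code(400);
//              saveTokenWithUserIdAndInfo(token, ctx.userId, ctx.info);
```

Rejecting the callback when `consumeContext` returns null is what makes `state` double as the CSRF check for the redirect, in addition to restoring the lost context.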