Accessing OAuth state post sign-in

[TejasQ]

Your question
Hi, I love the great work done on this project. Thank you all very, very much.

My question is about the state parameter from the OAuth spec. Traditionally, one would pass it to an OAuth provider, say Google like so

https://accounts.google.com/o/oauth2/v2/auth
  ?prompt=consent
  &access_type=offline
  &response_type=code
  &state=hello

After login, Google redirects to the callback URL with the state attached to the querystring, ready to be processed by the client.

I have searched a lot for a way to access this parameter with next-auth, but have not yet found out how.

My question is twofold:

1. Is it currently possible?
2. Where can I add it if not? I'd love to make a PR.

Feedback
Documentation refers to searching through online documentation, code comments and issue history. The example project refers to next-auth-example.

• Found the documentation helpful
• Found documentation but was incomplete
• Could not find relevant documentation
• Found the example project helpful
• Did not find the example project helpful

[mt-deva]

Something like

export async function getServerSideProps(ctx) {
    const { query: { state } } = ctx;
    const response = await fetch(`https://accounts.google.com/o/oauth2/v2/auth?state=${state}`);
    const data = await response.json();

    return {
        props: {
            data
        },
    };
}

Can see the state key in the ctx, so imagine thats what you need

[balazsorban44]

Hi there @TejasQ! 🙂 Do you think #823 would help here? It makes it possible to forward any parameters when signing in to your IdP

[liiinx-com]

Hi there @balazsorban44
for googleOauth, when passing the following object, I can see my state param is passed to google also, I can see it in the middleware logs along with the authorization code from google but, can not access that in any callback.

I also tried to implement a custom-oauth provider, that did NOT work.
Could you please help? I need this to identify the request initializer subdomain.

Note: even if it works, I do not think the whole auth is not going to work since the subdomain is different. How can I keep my user signed in between subdomains?

authorization: {
        params: {
          state: 'state1',
        },
      },