Hi everyone,
I’m struggling with a redirect loop issue using WeWeb + Auth0. I am trying to build a custom onboarding flow and could use some expert eyes on the “handshake” process.
The Workflow
-
Custom Onboarding: The user fills out a WeWeb form (Email, Name, Company, Tier).
-
The Redirect: On submit, I use a custom script to send them to Auth0.
-
The Goal: I am using
screen_hint=signupandlogin_hint=USER_EMAILin the URL.-
Expectation: User sets password –> Returns to app –> Automatically logged in.
-
Reality: User sets password –> Returns to app –> Bounced to Login page (Invalid Handshake).
-
The Technical Hurdle
It seems that by using a manual window.location.href to force the login_hint, I am breaking the WeWeb Auth Plugin’s internal listener. When the user returns with the code and state, the plugin doesn’t recognize the session and treats them as unauthenticated.
My Questions
-
Is there a way to use the built-in “Signup” action but pass a
login_hint? I want the email value from my WeWeb variable to auto-populate the Auth0 signup field. -
If I must use a custom script, how do I “prime” the WeWeb Auth Plugin? How can I make the plugin expect the user’s return so the handshake doesn’t fail?
-
Handshake Fix: Has anyone successfully used
localStorageto manually set thea0.spajs.txstransaction key to match the incoming state?
What I’ve Tried
-
Direct browser redirects to the
/authorizeendpoint. -
Manually constructing the state to match the transaction key.
-
Confirmed in Auth0 logs that the user is created successfully; the issue is strictly the “return flight” to WeWeb.
I want the user to only have to worry about their password. Any advice on keeping the Auth plugin “in the loop” while passing these custom parameters would be a lifesaver!
