By: Patrick McKinnon user 27 Dec 2016 at 4:54 p.m. CST

1 Response
Patrick McKinnon gravatar
Is there any way to pass client-side state using oxd through the Gluu authentication process that would be available to the authenticated redirect? It seems like the straightforward way would be to add necessary url parameters to the authorization_redirect_uri, but it looks like the oxd server [doesn't currently allow this to be overridden](https://github.com/GluuFederation/oxd/blob/master/oxd-server/src/main/java/org/xdi/oxd/server/op/GetAuthorizationUrlOperation.java#L48) with the get_authorization_url command because it always uses the base server configuration.

By Michael Schwartz Account Admin 27 Dec 2016 at 5:31 p.m. CST

Michael Schwartz gravatar
oxd sets the state and checks the returned state to make sure it matches. I would suggest using a cookie to save additional session state.