By: Matt Young user 31 Dec 2017 at 10:18 p.m. CST

5 Responses
I am using the Gluu Federation openidconnect.js from here: https://cdn.rawgit.com/GluuFederation/openid-implicit-client/master/openidconnect.js. I've got the implicit flow working fine, but I can't figure out how to pass arbitrary parameters to the redirect callback. Everything I have read has suggested that I can create a JSON object and encode it as base64 to pass in the state variable. For some reason the Gluu JS file overwrites whatever is in the state variable. How do we pass arbitrary data through the implicit flow to the callback URL?

By Aliaksandr Samuseu staff 01 Jan 2018 at 6:47 p.m. CST

Hi, Matt. I'm not quite sure I'm following your ideas. What exactly are you trying to pass, and to what? What are you trying to achieve? Knowing the context and seeing a couple of examples of your requests would be helpful.

By Matt Young user 02 Jan 2018 at 12:49 p.m. CST

I'm trying to pass a record id (arbitrary and based on user activity) and an activity name. The situation is that 3rd-party apps that link to mine want to pass the redirecturl (as the app routing servlet), and in the state it would be {recordId: 9991, activity: "editloan"}, all base64 encoded. Currently Gluu requires all info used in the redirect URL to be listed in the OpenID Connect client config, but that means I would need to create a new redirecturl for every record in the database! There must be some way to pass a redirect URL AND some data that the redirect will use once it gets there.

By Aliaksandr Samuseu staff 02 Jan 2018 at 9:52 p.m. CST

Hi, Matt.

> Currently gluu requires all info used in the redirect url to be listed in the open id connect client config

It's not just Gluu's internal decision, but a requirement enforced by the OIDC spec itself.

> 3rd party apps that link to mine want to pass the redirecturl (as the app routing servlet) and in the state it would be {recordId: 9991, activity: "editloan"} all base64 encoded.

I'm still not quite sure I understood your goal completely, but I assume you are just trying to include this data (base64 of the `{recordId: 9991, activity: "editloan"}` string) in the initial request to Gluu's OIDC authz endpoint, and expect it to be returned unchanged. In that case you just need to use the `state` query parameter to pass it; Gluu will mirror it back to the calling app unmodified. We use this approach in our own Passport.js inbound SAML flow, and it has proved to work.

I'm not sure what this means, then:

> For some reason the gluu js file overwrites whatever is in the state variable.

Which JS file are you referring to, and at what point in the flow do you see the `state` parameter changed? Could you provide a HAR archive of the whole flow where this change happens? Check [this page](https://help.salesforce.com/articleView?id=000187144&language=en_US&type=1) for more details on how to create it (I suggest using the Chrome browser for it).
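
The `state` round trip described in the reply above, sketched as an added example that is not part of the thread and not code from openidconnect.js: the payload is packed into `state` together with a one-time nonce, and the callback accepts it only if the nonce matches and the fields pass an allow-list. `STATE_KEY`, `ALLOWED_ACTIVITIES`, `buildState` and `readState` are hypothetical names; `storage` is assumed to be `sessionStorage` in the browser.

```javascript
// Added example. STATE_KEY, ALLOWED_ACTIVITIES and the function names are assumptions.
const STATE_KEY = "oidc_state_nonce";
const ALLOWED_ACTIVITIES = new Set(["editloan"]);

const toB64Url = (bytes) =>
  btoa(String.fromCharCode(...bytes))
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");

const fromB64Url = (text) => {
  const b64 = text.replace(/-/g, "+").replace(/_/g, "/");
  const padded = b64 + "=".repeat((4 - (b64.length % 4)) % 4);
  return Uint8Array.from(atob(padded), (c) => c.charCodeAt(0));
};

// Before redirecting to the authorization endpoint: bind the payload to a
// one-time nonce remembered in this browser tab, then send the result as `state`.
function buildState(payload, storage,
    randomBytes = (n) => crypto.getRandomValues(new Uint8Array(n))) {
  const nonce = toB64Url(randomBytes(16));
  storage.setItem(STATE_KEY, nonce);
  const json = JSON.stringify({ n: nonce, d: payload });
  return toB64Url(new TextEncoder().encode(json));
}

// On the redirect URI: the implicit flow returns its parameters in the fragment.
// Returns the validated payload, or null if state is missing, forged or replayed.
function readState(hash, storage) {
  const expected = storage.getItem(STATE_KEY);
  storage.removeItem(STATE_KEY); // single use
  const state = new URLSearchParams(hash.replace(/^#/, "")).get("state");
  if (!expected || !state) return null;
  let parsed;
  try {
    parsed = JSON.parse(new TextDecoder().decode(fromB64Url(state)));
  } catch (e) {
    return null;
  }
  if (!parsed || parsed.n !== expected) return null;
  const d = parsed.d;
  // state arrives via the URL, so allow-list every field before routing on it.
  if (!d || !Number.isInteger(d.recordId) || !ALLOWED_ACTIVITIES.has(d.activity)) return null;
  return { recordId: d.recordId, activity: d.activity };
}
```

In a page this would be called as `buildState({recordId: 9991, activity: "editloan"}, sessionStorage)` before the redirect and `readState(window.location.hash, sessionStorage)` on the callback.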

By Matt Young user 05 Jan 2018 at 2:35 p.m. CST

Per the original question, the JS file I am referencing is https://cdn.rawgit.com/GluuFederation/openid-implicit-client/master/openidconnect.js

By Aliaksandr Samuseu staff 05 Jan 2018 at 3:16 p.m. CST

Hi, Matt. Understood, thanks. I got a bit confused by you calling it "Gluu's js file", thinking it was perhaps an element of its pages. The implicit client you're referring to is a fork of a 3rd-party project by Nat Sakimura, and is mostly provided to serve as an example and a foundation to build your own solution upon. We don't provide support for writing scripts and customizing 3rd-party components to community users, but you are free to study the code, adapt it to your requirements and then perhaps even submit a pull request with your changes, if you think they may be useful to the rest of the community.