Login using OAuth2 - State (?)

diogenis · June 13, 2023, 8:24pm

Good afternoon everyone,

I’m working on a login integration for our iOS application. This integration was built using OAuth2. The required parameters are as follows:

  client_id: string
  state: string
  redirect_uri: string
  scope: string
  response_type: string

The only parameter I wasn’t able to obtain was “state”. I analyzed the website’s behavior but couldn’t figure out how the front end retrieves this information, which appears to be a JWT.

Is there any API to get the “state” and perform authentication via the endpoint below?

https://vtexid.vtex.com.br/VtexIdAuthSiteKnockout/ReceiveAuthorizationCode.ashx?state={state}&code={code}

Thank you!

estevao_santos · June 13, 2023, 10:05pm

Hi @diogenis, how are you?

This parameter is automatically generated by VTEX ID and cannot be changed.

You can find more information here: Create OAuth2 authentication

In this other doc Webstore (OAuth 2.0) you can also get a more in-depth view of the setup you need to do for the parameter to be correctly inserted in the URL.

I hope this information helps you.

Best,
Estevão
PO ENEXT

If this information helped in any way, please mark it as the answer to support others in the community.

diogenis · June 13, 2023, 10:39pm

Good point @estevao_santos, I had already found the documentation too.

But that’s the thing — I just needed to retrieve the “state” somehow. Since I only use APIs, I can’t generate that “state”. At least I haven’t found, so far, any endpoint that returns it as a cookie, for example.

On the site it only appears after being redirected to the login page, in the URL itself.

Thanks for the reply!

estevao_santos · June 13, 2023, 10:54pm

Got it @diogenis

I suspect you’ll need a Backend handling this routine and passing the parameter to you the way you need it, since it’s only generated directly.

A Backend would be able to handle that part better for you.

Cheers,
Estevão.

diogenis · June 13, 2023, 10:58pm

I’m also the backend of my team @estevao_santos, hahahaha.

But the OAuth2 thing was done by another agency using Firebase Cloud Functions. I even have the project. But there’s nothing in there related to creating the “state”.

If you’ve had that experience, we could have a chat, if you’re available. I can show you the situation.

Thanks @estevao_santos!