How to pass data from login page to OAuth 2.0 and then get it back?

Question

I am using OAuth 2.0 for my AngularJS application. When the user clicks on one of other application I am redirecting to my Angular application with parameters like this:

https://stic-scm-auto.snitco.com/fsHardSoft/createCase?sn=FOC0948Y1WB 

When above URL is accessed I am showing them the login page. (since they are not logged in yet)

Later I am redirecting them to here :

https://cloudsso-test.snitco.com/as/

after they landed there, I am getting re-directed to login URL:

https://sso-test.snitco.com/autho/forms/CDClogin.html

once the login succeeds, it's redirecting back to the OAuth callback page of my application.

How can I pass the createCase?sn=FOC0948Y1WB - parameter to all above gateways and get the data back?

Answer 1

You can achieve this by relying on OAuth 2.0 state parameter. In an OAuth 2.0 compliant server the value you send in this parameter we'll be returned to you after the process completes and the authorization server redirects back to your application.

The primary use case of this parameter is to prevent XSRF by linking an original request to the redirect request so that the client application is sure that the redirect was not caused by an attacker.

However, it's also possible to use this parameter to achieve per-request customization which in your case would be knowing the original case number. See Using the State Parameter for more information about this. Just be sure that the value passed in the state should still have a random component that can later be checked to prevent XSRF; your required custom data should be in addition to this nonce value.