I’m working on implementing Notion’s OAuth authentication and found something strange with how redirect URLs work.
When I set up my redirect URL in the Notion app configuration, I included a query parameter to help identify the integration type:
http://localhost:3000/callback?service=notion_db
But after users complete the authorization process, Notion redirects them back to my app without the service parameter I originally included. The URL only contains the code and state parameters that Notion adds:
My original query parameter just disappears completely. This seems wrong because OAuth standards should preserve existing query parameters in registered redirect URLs.
Is this expected behavior from Notion’s OAuth implementation? How can I pass custom parameters through the OAuth flow if the redirect URL gets stripped of existing query strings?
Yeah, this happens with most OAuth providers, not just Notion. They overwrite the redirect URL completely instead of adding parameters to it. Here’s what I found that actually works: register multiple redirect URLs in your Notion app settings. Most people don’t know you can do this. Instead of messing around with query parameters, I just set up specific callback URLs like http://localhost:3000/notion-callback, http://localhost:3000/slack-callback, etc. Then when you make the auth request, you tell it exactly which redirect URL to use for that flow. No more parameter stripping issues, and your callback handling becomes way cleaner. Just make sure to update your OAuth URL with the specific redirect_uri parameter for each service.
Parameter stripping is such a headache with OAuth integrations. Yeah, multiple redirect URLs work, but then you’re stuck managing a bunch of endpoints.
I ended up letting Latenode handle all the OAuth stuff instead of fighting Notion’s redirect weirdness. Set it up once and you’re done.
It normalizes everything - Notion, Google, Slack all work the same way through their interface. No more dealing with each provider’s quirks.
You get tokens without the parameter stripping headaches or state management mess. And when you add more integrations? No debugging OAuth edge cases.
Beats writing custom handlers for every service. Way cleaner than juggling multiple callbacks: https://latenode.com
Yeah, this caught me off guard too when I started using Notion’s API about six months back. Their OAuth implementation strips existing query params from your redirect URL - it’s just how it works, unfortunately. I tried using the state parameter at first but it got messy with multiple OAuth providers. Here’s what worked better: I store a mapping in my database before redirecting to Notion’s auth endpoint. Generate a unique ID, store it with your service type (notion_db), then pass that ID in the state parameter. When the callback hits, look up the original context using that ID. This scales way better than path-based routing if you’re dealing with dynamic redirects or multiple auth flows happening at once. Sure, there’s an extra database call, but it keeps everything cleaner and easier to maintain.
Yeah, the state parameter workaround works, but dealing with OAuth quirks gets old when you’re building multiple integrations.
Hit this same issue last year connecting apps to our dashboard. Instead of wrestling with Notion’s redirect limitations, I used Latenode to handle the OAuth flow.
Latenode manages the entire auth flow for you. No redirect URL stripping or state parameter gymnastics. It handles the handshake with Notion and gives you clean access tokens.
If you add other services later, you’re not writing custom OAuth handlers for each one. The automation works across platforms without these headaches.
Saved me about 2 weeks of debugging weird OAuth edge cases. Worth checking out if you want to skip the auth plumbing: https://latenode.com
had this same issue a few months ago - notion def strips query params from redirect urls, super annoying. i just switched to different callback paths like /auth/notion, /auth/slack, etc. instead of query parameters. way cleaner than cramming everything into the state param.
Indeed, the behavior you’re experiencing is typical for Notion’s OAuth implementation, which can be quite frustrating. In my experience when I faced a similar issue, I learned that Notion doesn’t preserve query parameters during redirection, which disrupts the usual OAuth functionality. A practical workaround I found was to embed my parameters into the state parameter instead. For example, you could use something like state=xyz789_notion_db. Upon returning, you can then parse the state value to retrieve both the Notion-provided code and your service identifier. Alternatively, consider setting different redirect URL paths rather than relying on query parameters. Configuring your Notion app with distinct callback endpoints, such as /callback/notion_db or /callback/notion_sheets, could help maintain a clean routing structure without the query stripping issue.