diff --git a/includes/type/object/class-customer-type.php b/includes/type/object/class-customer-type.php
index 9b456ebc..e483c407 100644
--- a/includes/type/object/class-customer-type.php
+++ b/includes/type/object/class-customer-type.php
@@ -350,12 +350,14 @@ public static function register_authorizing_url_fields( $fields_to_register ) {
 }
 // Build nonced url as an unauthenticated user.
- $nonce_name = woographql_setting( 'cart_url_nonce_param', '_wc_cart' );
- $url = add_query_arg(
- [
- 'session_id' => $customer_id,
- $nonce_name => woographql_create_nonce( "load-cart_{$customer_id}" ),
- ],
+ $nonce_name = woographql_setting( 'cart_url_nonce_param', '_wc_cart' );
+ $query_params = [
+ 'session_id' => $customer_id,
+ $nonce_name => woographql_create_nonce( "load-cart_{$customer_id}" ),
+ ];
+ $query_params = apply_filters( 'graphql_cart_url_query_params', $query_params, $customer_id, $source );
+ $url = add_query_arg(
+ $query_params,
 site_url( woographql_setting( 'authorizing_url_endpoint', 'transfer-session' ) )
 );
@@ -400,12 +402,14 @@ public static function register_authorizing_url_fields( $fields_to_register ) {
 }
 // Build nonced url as an unauthenticated user.
- $nonce_name = woographql_setting( 'checkout_url_nonce_param', '_wc_checkout' );
- $url = add_query_arg(
- [
- 'session_id' => $customer_id,
- $nonce_name => woographql_create_nonce( "load-checkout_{$customer_id}" ),
- ],
+ $nonce_name = woographql_setting( 'checkout_url_nonce_param', '_wc_checkout' );
+ $query_params = [
+ 'session_id' => $customer_id,
+ $nonce_name => woographql_create_nonce( "load-checkout_{$customer_id}" ),
+ ];
+ $query_params = apply_filters( 'graphql_checkout_url_query_params', $query_params, $customer_id, $source );
+ $url = add_query_arg(
+ $query_params,
 site_url( woographql_setting( 'authorizing_url_endpoint', 'transfer-session' ) )
 );
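Review bot: The array returned by `graphql_cart_url_query_params` is passed to `add_query_arg()` unchecked, so a callback that returns a non-array, or that drops or overwrites `session_id` or the `$nonce_name` entry, produces an authorizing URL whose nonce no longer matches the session ID it was created for (`"load-cart_{$customer_id}"`). Re-applying the two required entries after the filter, e.g. `$query_params = array_merge( (array) $query_params, $required_params );` with `$required_params` holding the `session_id`/nonce pair, keeps the hook useful for extra parameters without letting it break the pairing. Each new hook should also get a docblock saying that the array carries a session-transfer nonce, that callbacks must keep both keys, and that anything they add ends up in a URL returned to the client. The same applies to `graphql_checkout_url_query_params` in the second hunk and `graphql_account_url_query_params` in the third. `$source` is not defined inside these hunks; presumably it is the resolver's first argument, which should be confirmed.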
@@ -454,12 +458,14 @@ public static function register_authorizing_url_fields( $fields_to_register ) {
 }
 // Build nonced url as an unauthenticated user.
- $nonce_name = woographql_setting( 'account_url_nonce_param', '_wc_account' );
- $url = add_query_arg(
- [
- 'session_id' => $customer_id,
- $nonce_name => woographql_create_nonce( "load-account_{$customer_id}" ),
- ],
+ $nonce_name = woographql_setting( 'account_url_nonce_param', '_wc_account' );
+ $query_params = [
+ 'session_id' => $customer_id,
+ $nonce_name => woographql_create_nonce( "load-account_{$customer_id}" ),
+ ];
+ $query_params = apply_filters( 'graphql_account_url_query_params', $query_params, $customer_id, $source );
+ $url = add_query_arg(
+ $query_params,
 site_url( woographql_setting( 'authorizing_url_endpoint', 'transfer-session' ) )
 );
diff --git a/includes/utils/class-protected-router.php b/includes/utils/class-protected-router.php
index a0aa48a1..bfc39ab2 100644
--- a/includes/utils/class-protected-router.php
+++ b/includes/utils/class-protected-router.php
@@ -363,6 +363,8 @@ private function process_auth_request() {
 $this->redirect_to_home();
 }
+ do_action( 'woographql_process_auth_request_nonce_verified' );
+
 // If Session ID is a user ID authenticate as session user.
 if ( 0 !== absint( $session_id ) ) {
 $user_id = absint( $session_id );
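Review bot: The name `woographql_process_auth_request_nonce_verified` is only accurate if `$this->redirect_to_home()` in the guard just above ends the request; its body is not in this hunk, so confirm that it exits, since otherwise callbacks would also run for requests whose nonce check failed. The action passes no arguments, so listeners have to re-read the raw request to learn which session is being transferred; `do_action( 'woographql_process_auth_request_nonce_verified', $session_id );` would hand them the value used by the code that follows. A docblock should state that the hook fires before the session user is authenticated, so callbacks must not assume a logged-in user or perform privileged work. `process_auth_request()` starts and ends outside the hunk.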