Hey team How do i get the custom claims from the token on the front end

howdy y'all! i'm getting a

Insufficient permissions for impersonation

even though i'm logged in as a user with a role that can impersonate. any ideas?

nvm - solved it with the workaround in this old thread: https://authtown.slack.com/archives/C04490U8M7A/p1718814623504819

me again 😅 we're all of the sudden getting issues signing in with mobile OTP in our production environments on one of our flows - email works fine. seeing these errors in production. any ideas?

nvm figured it out again 😂 we imported some flows around and it overrode the sign up or in connector we had for our OTP in our flow

it didn't fall back to the default connector tho 🙃

Anyone using OTP or flow in PHP/laravel backend ? And Flutter frontend flow or OTP auth

I'm working on a flow where the first step calls an external API to retrieve information needed for the rest of the flow. The API call can occasionally return an error, and I’ve set the error handling to automatic (in the flow). However, when an error occurs, the descope element doesn’t disappear and seems to be stuck loading. Any ideas on what might be going wrong here?

Hi guys, I'm using golang sdk in order to start Oauth login & validate a session, however I'm getting this error:

failed to get user: [G030003] Missing or invalid refresh token: Unable to find tokens from cookies",

The way I initiate the client is:

descopeClient, err := client.NewWithConfig(&client.Config{
		ProjectID:                descopeConfig.ProjectID,
		DescopeBaseURL:           descopeConfig.BaseURL,
		CertificateVerify:        api.CertificateVerifyNever,
		SessionJWTViaCookie:      true,
		SessionJWTCookieDomain:   "localhost:8888", //strings.Join(strings.Split(descopeConfig.BaseURL, ".")[1:], "."),
		SessionJWTCookieSameSite: http.SameSiteNoneMode,
	})

The way I initiate the login:

login.GET("/", func(c *gin.Context) {
			_, err := descopeClient.Auth.OAuth().SignUpOrIn(context.Background(), descope2.OAuthGoogle, "<http://localhost:8888/api/sanity/me>", nil, nil, c.Writer)
			if err != nil {
				logger.Errorf(c, "failed to start oauth flow: %v", err)
			}

		})

The way I'm validating the session:

user, err := <http://descopeClient.Auth.Me|descopeClient.Auth.Me>(ctx.Request)

Any Idea?

Hello, is there a way to get the permissions list in the front end? I see the roles in the user but not the permissions

Hi, I'm using the SDK with flow on Flutter. After redirecting with a deep link, what should I do with the code I received? Why is my session still null?

Hello, I'm facing issue in some of the android devices. When i login with react native SDK. Most of the times it is taking in different androis devices. here are the attached video's for your refernce and the code. Here is the code:

const flow = useFlow()

const { manageSession } = useSession()

const startFlow = async () => {

try {

`const resp = await flow.start(

<https://auth.descope.io/${projectId}?flow=custom-signup-in>

, DOMAIN)`

await manageSession(resp.data)

} catch (e) {

console.log("err", e)

// handle errors

}

}

if (Platform.OS === 'android') {

useEffect(() => {

Linking.addEventListener("url", async (event) => {

if (event.url.includes(DOMAIN)) {

try {

await flow.exchange(event.url);

} catch (error) {

console.log(error,"error");

}

}

});

return () => {

Linking.removeAllListeners("url");

};

}, [flow]);

}

Here these are in two different android devices.

Hey Team, Is there a way to use a condition inside a flow that checks if an attribute already exists in one of the users and if so how many users have this attribute? For example, if a user puts inside a form his phone number, I want to be able to check if that phone number already exists in any of the users\if it exists a certain amount of times and if so redirect to another screen.

Hey guys, I'm using React web components to log in, like this:

<DescopeAuthProvider
      projectId={appConfig.descope.projectId}
      baseUrl={appConfig.descope.baseUrl}
      sessionTokenViaCookie>
      <Descope flowId="sign-in" onSuccess={(x) => console.log('kkkk', x)} />
    </DescopeAuthProvider>

The flows look good, on the response I'm getting an object with

sessionJwt

and

refreshJwt

objects, but I'm getting only

DS

cookie, without

DSR

, which fails my backend validation How to fix it?

Hi Descope team , did some thing change in the "impersonate user" logic ? it was working for us, but noticed today that it stopped adding the roles and permissions to the jwt of the impersonated user(not sure when it stoped today). trying to check if something is changed on our side but currently no luck. the "roles" & "permissions" is missing from the jwt , its not empty .

Maybe someone can explain a behavior I can't. I am running some tests and I have a playground project for it. I am using authentication from the frontend using the descope react sdk and two flows. The flows are created from templates without me changing anything. One flow is a social login + enchanted link and the other flow is user/password (I couldn't find an existing template with both). I have two cases. In both I am starting with no existing user in the descope dashboard. In the first case, I am using the user/password flow. Since there is no user, I am asked to enter an email and a password. After I am successfully logged in I can log out and back in and everything works fine. I then switch to the social flow and using the same email, log in using google. Again, everything works fine and I can log in and out using both method. In the second case I am trying to the same but sign in with social first, and then with user password. When I use the user/password flow after I first sign in with social (and thus a user is created in descope), the user/password flow takes me to a change password screen (probably because it finds an existing user). Since there is no existing user/password for this user the flow is not usable. Anything I am doing wrong here?

Hi guys! I have a question - I had a SAML-based auth set up with Descope for months - suddenly, today when I tried to login to my app I started getting this error: Error text:

[E064003] Invalid Refresh Token JWT was provided: Failed to validate invalid JWT refresh token - onetime [error: key provider 0 failed: [E062011] Failed getting keys from session service [error: [E053002] Failed getting secret [error: rpc error: code = Unknown desc = [E053002] Failed getting secret [error: ResourceNotFoundException: Secrets Manager can't find the specified secret.]]]]

I tried to use https://docs.descope.com/common-errors common errors to find errors by their codes - but I can't seem to find both

[E062011]

and

[E053002]

I have not deployed/changed my app or its environment recently. Yesterday and a couple of days ago login in the app was functioning. I also tried experimenting - I cleaned my app site data/cache/cookies - then I re-tried and was able to login once, all the next attempts are failing again. Could you, please, elaborate on the error above?

Hi guys, is there any example or tutorial about how to use magic links with react? Can I do something like this?

<https://myapp.com/?descope_magic=xyz>

and having a valid session running?

Hey Descopers, we wanted to allow user identification with a custom attribute and password. It looks like this was an option at some point https://docs.descope.com/auth-methods/passwords but on my password settings page there doesnt seem to be an option for it. Was this moved or disabled at some point, or am I just looking in the wrong place?

hi Descopers, i'm trying to add a step in my flow to add a Role using the

Update User / Add Roles

action. i added the role to my tenant but i keep getting an error:

"error": "[E064007] Invalid tenant selected for JWT: No tenant supplied"

but i can update the JWT with Custom Claims action. what could be the issue?

Hi, I am trying to set roles for a user in a tenant using Go SDK: https://docs.descope.com/user-management/sdks#set-roles-for-a-user-in-a-specific-tenant However, I get an error about invalid phone number. There is no phone number in this request. Below is the error:

[E011004] Request contains invalid arguments: Invalid phone number [Status-Code:400]

Thanks in advance for your help

I am looking for a way to merge SSO users with magic link / password users. Currently, if a user signs up with magic link, then signs up with a password, it will create two users with the following ids: • user@tenant.com (from magic link) • user@tenant.com-tenant.com (from SSO) The desired behavior would be that when they sign up / in via SSO, if they have previously signed in via magic link, it is just merged (based on email).

Hi all 🙂 Is there any way to import or clone login screens (for sign in flow, for example), from one project to another?

do we have option to change font color in flow ? I can see only option to change background color for now

Hi Descope , i was wondering what is the reason we cant update access key roles after after the creation

Hi, I'm trying to create a sign up flow that creates a tenant, then add project pre-defined roles to the new user as tenant roles, and then sets the tenant id as dct custom claim. Currently the flow fails on "[E011003]: Request is invalid Failed to add roles to user - The roles[0].name field is required Error"

Hi everyone, I'm trying to use the Descope SDK in the Next.js Pages Router app. However, when importing

@descope/nextjs-sdk

, I encounter an error related to

next/dynamic

in

DescopeFlows.js

. Has anyone experienced this before or have any insights on what might be causing it? I tried following the GitHub example app/docs provided by the support team, but still no luck. Thanks.

FWIW I think the SSO login on Descope.com could be improved. If I press the SSO login button without an email input I get an error. Then when I enter an email and press "Continue with Email" I get emailed a link, which seems to be a waste of time. Only when I enter an email and then press the sso button do I get the iDP. I think you should just be able to enter your email and press "continue" and go direct to your IDP.

Also is there an hCAPTCHA integration - I see reCAPTCHA but not hCAPTCHA?

Hello. https://github.com/descope/terraform-provider-descope says that there’s a descope terraform module in the Terraform Registry (registry.terraform.io), however a search does not turn up such a module and attempting to follow the instructions on the github page says that provider registry.terraform.io/descope/descope was not found. Is there a terraform module for setting up Descope?