https://descope.com logo
Join Slack
Powered by
Love the customer support here guys, great job. La...
# ask-a-descoper
s
Love the customer support here guys, great job. Last question (hopefully), I was using the descope flows for my authentication and I had the redirect url send the user to my flutter web app, in the url I see https://mywebsite.com/?code=theCode&descope-login-flow=sign-up-or-in%7C%23%7CAnotherCode_2.end I'm wondering what those two codes are?
s
@late-spoon-95735 @some-librarian-64280 can you help here?
I think one of them might be for PKCE , but will let @late-spoon-95735 @some-librarian-64280 to answer it more accurately
l
Don't think so. Feels like a redirect that should go back into the flow. @steep-keyboard-7095 which authentication method are you running in your flow? Did you complete it successfully? Did you get the callback?
s
My flow is this: Descope flows auth page is at chat.quillify.ai/signin.html then it redirects to chat.quillify.ai (where the flutter app lives). I assume it redirects onsuccess?
Oh it does because that's what I have in the js haha
l
Not exactly. Redirects in auth methods such as OAuth, Magic Link, Enchanted link, etc. Should redirect back into the flow to complete successfully. Once the user authenticates, the `onSuccess' callback will be called with the authentication response. You can redirect where you need from there.
s
Oh I see, so I'll get the session token cookie when it redirects back to the flow. So then it's on me to pass that into the next page, right?
l
Yes, exactly. Once the authentication flow completes you can run whatever makes sense in your business logic. We don't assume anything about it, and let you take over when the callback is called.
s
That makes sense. So then what's with the codes in the url? Here's my js for the redirect for reference: 
const sessionToken = sdk.getSessionToken();
const notValidToken = sessionToken ? sdk.isJwtExpired(sessionToken) : false;
if (!sessionToken || !notValidToken) {
const container = document.getElementById('descopeContainer');
`container.innerHTML = `<descope-wc project-id="${projectId}" flow-id="sign-up-or-in"></descope-wc>`;` 
const wcElement = document.getElementsByTagName('descope-wc')[0];
const onSuccess = (e) => {
console.log(e.detail.user);
const sessionToken = sdk.getSessionToken();
console.log(sessionToken);
console.log(document.cookie);
sdk.refresh(),
window.location.replace('<https://chat.quillify.ai>');
};
}
const onError = (err) => console.log(err);
wcElement.addEventListener('success', onSuccess);
wcElement.addEventListener('error', onError);
l
I'm exactly sure, but I think you have OAuth in your flow, or SSO. Am I right?
s
Yes
I logged in using a social login
l
Great. So in order to complete successfully, you need to configure your OAuth action in the flow editor to redirect back to the *flow. J*ust to complete the implementation details for you, this will allow the flow to exchange the code you're seeing in the URL for an actual token.
s
So in my case, in my descope Flows editor, I'd make the redirect URL my flutter web app and then I should see the OAuth token in my url?
l
Make it the page that runs the flows. Then the onSuccess should be called.
It should redirect to http://chat.quillify.ai/chat.html according to what you wrote above
Again, when the flow completes, the callback is called. There are no redirections at that point
s
Ok, I got it. So the Flow completes, the onSuccess method is called and now I have the jwt, so all I have to do at that point is just feed that jwt into my flutter app and I should have everything I need for the authorized user to make requests
l
Exactly 👍
s
Great! So last thing then: In my project under token response method, I have the manage in cookies option selected and have already gone through the steps for the DNS. How does that affect the return of the jwt? Does it?
l
I'm not exactly sure about that. @square-vr-55083?
s
It affects where the JWT returns If you choose the cookies, refresh token and access token will be returned over cookies ( DS and DSR ) On other option , it will be stored on local storage
You can read more about it here https://docs.descope.com/manage/session/
s
Ok, so it automatically saves it as a cookie on success. I guess I'm mainly wondering if there's anything I need to do to ensure that I can still access the cookie when I switch from my html/js to my flutter app and how I can retrieve cookies in flutter
s
You mean a web flutter app right ? Not mobile app If that is the case, than if both web and flutter apps are on same domain ( and same domain configured on descope app ) than cookies will be kept
s
Yep, flutter web. Ok, that's good to know then
I'm having a tough time getting the session and refresh tokens from the cookies, could you see if there's an error in my approach? 1. user's authenticate through descope flows on chat.quillify.ai/signin.html 2. The cookies should auto-save in the browser, so I send the user to chat.quillify.ai where they can interact with my flutter app. 3. My flutter web code attempts to retrieve the cookie from the html using html.document.cookie The problem is that it can't find any cookies on chat.quillify.ai. I've verified that the auth event returns a session token at least
Here's the printed event:
s
sessionJwt under detail, is the session token
Since you marked using cookies, refreshJwt will not appear on the response
Have you checked in the browser , which cookies you have under chat.quilify.ai ?
s
Is there a way to do that in the browser UI? I've just been doing it programmatically by typing into the console "document.cookie". I get an empty string when I run that command
Also, am I wrong to assume that the session Jwt and the refresh Jwt will be auto-logged in the cookies?
Talked to @breezy-evening-56597 and got it all sorted out. Thanks all!
Open in Slack
PreviousNext
Powered by