Hi Everyone, I am new to descope and I have a special use case right away that I would like to get some advice for. I am building a small app, but with some special needs. After the user signed up and paid a contribution, they should be redirected to a page with a form they can fill in. For that page I need kind of a step-up flow. The idea is that the user can only submit the form once, and the page also need to be only accessible by only this user and never again after submitting the form. I was thinking something like this: when redirected from making the payment, user gets the step-up flow which gives them a unique identifier (code or url?) that gives them temporary access to the page with the form, this identifier should be linked to the user, and each user should only be able to get 1 UID. (very important that the form can only be submitted once by every user) In my app I save the UID to a database and add a field "isUsed" set to false. At the submit event of the form, isUsed gets set to true. To make sure the form can only be submitted once with this unique identifier, and thus for this user, my app checks before rendering the form if the UID is not in the database yet, and if so, if it is not set to true. The form will be rendered and the user can proceed. Else, the user will be redirected to a page to tell them they already participated and to thank them. Is it possible to add these need to my step-up flow so that the UID will be created and sent to the user, and not to forget, make sure every user will only get one UID? Or should I forget wanting to use Descope for this part, and handle this completely inside my app using, for example, the user ID that is being created at user sign up? I would love if you can help me brainstorm about this, so that I can figure out the smartest, safest and most efficient way to do this. Thank you In advance, so curious to see what responses I will get! 😀

Hi, The use case is understood and might be able to be done via Descope. You can use user attributes to add any attribute to a user (see screenshots), this attribute can be added also to the JWT as custom claim so you can access it later on. You can add condition to the step-up flow (or any flow), that checks the isUsed attribute and decide what to do upon the value. Regarding generating UUID, there is no such action in flow to create UUID, but what you can do is to use the backend mgmt sdk to update the user attribute with that uuid, and then you will be able to access it in the flow as well - https://docs.descope.com/manage/users/#update-user.

Also you can add http call out (connectors) to flows. So you can generate or query external systems.

Thank you both 😀❤️ I am going to try this and see how it works out for my use case.