Hi I m using the react sdk for the enchanted link signup and People Against Passwords #ask-a-descoper

Hi! I'm using the react-sdk for the enchanted link...

colossal-appointment-48082

06/22/2023, 6:42 PM

Hi! I'm using the react-sdk for the enchanted link signup and I think there is a bug with waitForSession https://docs.descope.com/build/guides/client_sdks/enchanted-link/#polling-for-valid-session it doesn't return a resp if the wrong button is clicked in the email Note: it does work when the correct button is clicked

breezy-evening-56597

06/22/2023, 7:22 PM

@salmon-night-88354 can you please have a look?

salmon-night-88354

06/22/2023, 7:26 PM

I'm looking currently. @colossal-appointment-48082 can you send me a code sample of how you are performing this? The steps should be: 1. Sign Up / or in / or up or in 2. The link is clicked and the link is verified by the endpoint provided 3. The poll session finds a successful session and logs the user in. If step 2 fails, step 3 won't return a response.

salmon-night-88354

06/22/2023, 7:26 PM

Are you using react with flows or calling the functions within react directly?

salmon-night-88354

06/22/2023, 7:32 PM

Really the poll starts before it's verified... So the order is: 1. Sign Up / or in / or up or in 2. The poll session finds a successful session and logs the user in. If step 2 fails, step 3 won't return a response. 3. The link is clicked and the link is verified by the endpoint provided

salmon-night-88354

06/22/2023, 7:38 PM

So: First - sign up or in then immediately start polling

Copy code

// Extract user information from the query in you application - below data is a sample
// Args:
//    user: user meta data for signup.
const user = {"name": "Joe Person", "phone": "+15555555555", "email": "<mailto:email@company.com|email@company.com>"}

//    identifier: email or phone - becomes the externalID for the user from here on and also used for delivery
const identifier = "<mailto:chris@descope.com|chris@descope.com>"

//    uri: this is the link that user is sent (code appended) for verification. Your application needs to host
//    this page and extract the token for verification. The token arrives as a query parameter named 't'
const verify_uri = "<http://auth.company.com/api/verify_enchantedlink>"

// Return value:
//    resp - json object containing ref_token and linkId.
//      ref_token - this is a reference that is used for polling till you get a valid session.
//        See the polling section.
//      linkId  - this is the number that you must show to the user on the screen which matches
//        to one of the link sent in email.
var pendingRef = ""
var resp = await mySdk.enchantedLink.signUpOrIn(identifier, verify_uri);
if (!resp.ok) {
  console.log("Failed to initialize signUpOrIn flow")
  console.log("Status Code: " + resp.code)
  console.log("Error Code: " + resp.error.errorCode)
  console.log("Error Description: " + resp.error.errorDescription)
  console.log("Error Message: " + resp.error.message)
}
else {
  console.log("Successfully initialized signUpOrIn flow")
  const linkIdentifier = resp.data.linkId;
  console.log("linkId " + linkIdentifier)
  pendingRef = resp.data.pendingRef;
  console.log("pendingRef " + pendingRef)
}
var resp = await mySdk.enchantedLink.waitForSession(pendingRef);
if (!resp.ok) {
  console.log("Failed to initialize polling flow")
  console.log("Status Code: " + resp.code)
  console.log("Error Code: " + resp.error.errorCode)
  console.log("Error Description: " + resp.error.errorDescription)
  console.log("Error Message: " + resp.error.message)
}
else {
  console.log("Successfully completed polling flow")
  console.log(resp)
}

Then on click, your verify page will do the following:

Copy code

const token = "5d45e3f3ea48f95d0825fb19169c41369fa50db987b7670bfa8aa127908468eb"
const resp = await mySdk.enchantedLink.verify(token);
console.log(resp)
if (!resp.ok) {
  console.log("Failed to verify enchanted link")
  console.log("Status Code: " + resp.code)
  console.log("Error Code: " + resp.error.errorCode)
  console.log("Error Description: " + resp.error.errorDescription)
  console.log("Error Message: " + resp.error.message)
}
else {
  console.log("Successfully verified enchanted link")
  console.log(resp)
}

Fo ex here I gave the wrong token. It fails verification, but the polling session has no response to show since no successful session was found.

great-diamond-35515

06/22/2023, 7:56 PM

Hey Carlos 👋 I just want to articulate that this behavior is expected e.g. - lets say that • the number that is shown on the screen is 42 • and that the three numbers(links) in the email are 41, 42, 43 and the user is clicking 43 the 42 link is still valid to understand why it behaves that way - we need to understand the motivation behind the enchanted link - which is to minimize the risk for accidental clicks (for example, my grandmother clicks every shiny button she sees in her email 🙂) so the goal is not that the user “will succeed to click in the first try”, but to make the user make a conscious decision about which number to click, which will minimize the chance for accidental/automatic click let me know if you have any further question ofc!

colossal-appointment-48082

06/22/2023, 8:27 PM

whoops sorry went out to lunch and missed this whole thread! ohhhh interesting thanks!

👍 1

Open in Slack

Previous Next