# ask-a-descoper
a
I use the flows client to execute the authentication flow. I get the "session token" per the above example. When I pass that JWT to the server and it attempts to make the /v1/auth/me call I get the error {"errorCode":"E064002","errorDescription":"Empty or Non Existent Refresh Token JWT was provided","errorMessage":"Failed to find JWT refresh token","message":"Failed to find JWT refresh token"}. Assuming the refresh token is separate, how do I obtain that when the flow returns to the login page?
s
Are you trying to call /me from your backend or frontend?
Which SDK do you use?
a
back end. The flows sdk
sdk in the client. Backend is in Elixir so no backend SDK available
using API on the back end.
s
OK, which frontend SDK are you using?
a
http. I just re-read the sample and think I have an idea I need to get both the session and refresh tokens separately. Looking into sdk object for that next.
s
Some context: the "/me" API you used, https://docs.descope.com/api/openapi/session/operation/Me/, will need the refresh JWT (not the access token). That one is stored on the client (local storage/cookies) and is not sent to your backend by default (not needed; usually it's needed for Descope only, to create new tokens).
So a better approach might be having the client SDK call the /me.
a
I do not trust any code running in the browser. Server is doing verification of token and getting user info
s
If you need the data in your backend, there are 2 options to do so: 1. Use the mgmt SDK to load user details: https://docs.descope.com/manage/users/#load-existing-user-details 2. Have the user info you need reside on the JWT custom claims; you can add them via the flow with the action "custom claims".
a
We are using Descope for authentication, but not trusting the browser for anything more than the JWT to verify the identity. Then the server will save the JWT in session and refresh as needed to preserve session details.
s
One of the 2 approaches above is not what you are looking for?
a
We are not trying to load existing users, so not sure how 1 helps us. We just need authenticated email, which is in the "me" results if I can get it to take the token. I did get .detail.refreshJwt from the client sdk and it is different from the session JWT, but using that in the Authentication header per the API docs is still not working.
I have tried using curl with what should be a valid refresh token but no luck there either.
s
In that case, simply adding the email to the access token JWT will be simpler.
Just add the "custom claim" action to your flow.
a
It appears to be working now with the refresh token. Proceeding for now. Thank you.