Please include the following information in your post:
- Which SDK this is regarding:
- SDK Version: 9.19.1
- Code Snippets/Error Messages/Supporting Details/Screenshots:
We are developing embedded login. we didn’t find any good reference. currently we are using webAuth login and then checking session using checkSession. we are going right direction?. if so how can we manage session and accessToken etc. api reference is not straight forwarded.
Please suggest us any good reference or flow to manage session and login.
With embedded login, there is no session. You don’t open a browser (for OIDC or SAML), so there is no browser cookie, which is the session.
I’d recommend not using embedded login and using Auth Code or Auth Code + PKCE
thank you so much for your email. I looked into your response to use Auth Code + PKCE but this is require to send OTP verification to verify the email with the code
in our case, we just allow user to login with the username and password ( no authentication code). So, I think its not going to work
I will be using embedded login with refresh token which seems fulfill my requirements
You can use either Auth Code, or Auth Code + PKCE
Neither one uses OTP verification. They do use a “code” to exchange for the tokens, but this code is handled entirely by the protocol, it is invisible to the user.
I still recommend switching to OIDC or SAML.