Best way to implement embedded login with session management?

Please include the following information in your post:

  • Which SDK this is regarding:
  • SDK Version: 9.19.1
  • Platform Version: JavaScript
  • Code Snippets/Error Messages/Supporting Details/Screenshots:

We are developing embedded login. we didn’t find any good reference. currently we are using webAuth login and then checking session using checkSession. we are going right direction?. if so how can we manage session and accessToken etc. api reference is not straight forwarded.

Please suggest us any good reference or flow to manage session and login.

Hi @vikas.dagar

With embedded login, there is no session. You don’t open a browser (for OIDC or SAML), so there is no browser cookie, which is the session.

I’d recommend not using embedded login and using Auth Code or Auth Code + PKCE


1 Like

Hello John,

thank you so much for your email. I looked into your response to use Auth Code + PKCE but this is require to send OTP verification to verify the email with the code

in our case, we just allow user to login with the username and password ( no authentication code). So, I think its not going to work

I will be using embedded login with refresh token which seems fulfill my requirements

Hi @vikas.dagar

You can use either Auth Code, or Auth Code + PKCE

Neither one uses OTP verification. They do use a “code” to exchange for the tokens, but this code is handled entirely by the protocol, it is invisible to the user.

I still recommend switching to OIDC or SAML.