In my Auth0 app,
I am sending a session token to a checkout page in a redirect Action, and I want to receive it back for validation when the /continue route is called.
Instead I get an error page saying that the session token received at the /continue route does not match the one that was sent.
I notice that the session token changes when it is sent, because it is encoded.
How do I decode the session token when I receive it, and send it back so that the login flow continues properly?
auth0 action:
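/**
 * Post-login Action: sends users who still have to pay to the checkout page.
 *
 * A returning user (logins_count !== 1) whose app_metadata.isPaid is truthy is
 * let through untouched. Anyone else who has a stripe_customer_id is redirected
 * to the checkout page with a signed session token in the query string.
 *
 * @param {object} event - Post-login event; user.app_metadata, stats.logins_count
 *   and secrets.NEW_STATE are read.
 * @param {object} api - Post-login API; api.redirect and api.access are used.
 * @returns {Promise<void>}
 */
exports.onExecutePostLogin = async (event, api) => {
  try {
    // Tolerate a user record without app_metadata instead of throwing into
    // the catch block and denying the login with a misleading Stripe message.
    const appMetadata = event.user.app_metadata ?? {};

    const isReturningPaidUser =
      event.stats.logins_count !== 1 && appMetadata.isPaid;
    if (isReturningPaidUser) {
      return;
    }

    const customerId = appMetadata.stripe_customer_id;
    if (!customerId) {
      // NOTE(review): an unpaid user without a Stripe customer id is not
      // redirected and the login simply continues; confirm this is intended.
      return;
    }

    // The token is signed, not encrypted: whoever sees the redirect URL can
    // read the payload, so keep it to non-sensitive identifiers.
    const sessionToken = api.redirect.encodeToken({
      secret: event.secrets.NEW_STATE,
      payload: { customerId },
    });
    // The token is deliberately not written to the Action logs; it is a signed
    // credential for this login transaction and logs are readable by more
    // people than the user it was issued to.

    // Redirect the user to the Stripe checkout page with session_token query parameter
    api.redirect.sendUserTo('https://www.************.com/checkout', {
      query: {
        session_token: sessionToken,
        redirect_uri: `https://******************.us.auth0.com/continue`,
      },
    });
  } catch (error) {
    console.log(error.message);
    api.access.deny(
      "We could not create your account, problem with stripe redirection.\n" +
        "Please contact support for assistance."
    );
  }
};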
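/**
 * Continue handler: runs when the browser comes back to /continue after the
 * checkout redirect. Validates the returned session token and then marks the
 * user as paid.
 *
 * @param {object} event - Post-login event; secrets.NEW_STATE is read.
 * @param {object} api - Post-login API; redirect, user and access are used.
 * @returns {Promise<void>} Resolves after the metadata update or the deny call.
 */
exports.onContinuePostLogin = async (event, api) => {
  try {
    // validateToken throws when the token in the `session_token` parameter is
    // rejected. NOTE(review): as far as I know the token returned to /continue
    // is expected to be signed with the shared secret by the external site's
    // backend and to carry a `state` claim equal to the `state` query
    // parameter; echoing back the token minted by encodeToken would not
    // satisfy that. Confirm against the Auth0 redirect documentation.
    api.redirect.validateToken({
      secret: event.secrets.NEW_STATE,
      tokenParameterName: 'session_token',
    });
    // The decoded claims are not logged: they identify the customer and add
    // nothing to diagnosis once validation has succeeded.

    // NOTE(review): reaching this line only proves that the browser returned
    // with an acceptable token, not that a payment was made. Set isPaid from a
    // server-verified signal (for example a claim written by a backend that
    // confirmed the checkout with Stripe, or a Stripe webhook) before relying
    // on it for access decisions.
    api.user.setAppMetadata('isPaid', true);
  } catch (error) {
    // Keep the validator's reason in the log; it states why the token was
    // rejected and does not contain the token itself.
    console.log(
      `Error receiving and validating the token and with using the continue endpoint: ${error.message}`
    );
    return api.access.deny('Error occurred during redirect.');
  }
};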
checkout.tsx (receives session token and sends it back)
import React from 'react';
import { useAuth0 } from '@auth0/auth0-react';
import Stripe from 'stripe';
import queryString from 'query-string';
import jwt from 'jsonwebtoken'; // Import the JWT library
// NOTE(review): this is the Stripe server SDK being constructed inside a file
// that is bundled for the browser. The key is masked on this page, but the
// checkout.sessions.create call made with this client needs a secret API key,
// and any key placed here is delivered to every visitor. Construct the client
// on a backend that reads the key from its environment, and have this page
// call that backend instead.
const stripe = new Stripe('*********************************', {
apiVersion: '2022-11-15',
});
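/**
 * Checkout page reached from the Auth0 redirect Action.
 *
 * Reads `session_token`, `redirect_uri` and `state` from the query string,
 * creates a Stripe Checkout session whose success URL is the Auth0 /continue
 * endpoint, and sends the browser to Stripe.
 *
 * NOTE(review): creating the Checkout session with the Stripe server SDK from
 * a React component puts the API key in the browser bundle; this call belongs
 * on a backend endpoint. The same backend is the place to verify the incoming
 * session token and to sign the token that is handed back to /continue.
 */
const Checkout = () => {
  const { user } = useAuth0();
  const priceId = '*************************';
  const successUrl = 'https://**********.us.auth0.com/continue';
  const cancelUrl = 'https://www.**************.com/about';

  async function createCheckoutSession() {
    // Parse the URL to get state, session_token and redirect_uri
    const params = queryString.parse(window.location.search);
    const sessionToken = params.session_token;
    const redirectUri = params.redirect_uri;
    const state = params.state;

    // query-string yields arrays for repeated keys and null for bare keys, so
    // only plain non-empty strings are accepted for the values that are used.
    if (
      typeof sessionToken !== 'string' ||
      !sessionToken ||
      !redirectUri ||
      typeof state !== 'string' ||
      !state
    ) {
      console.log('missing session_token, redirect_uri or state in the URL');
      return;
    }

    // redirect_uri comes from the query string and is attacker-controllable,
    // so it is only checked for presence; the browser is always sent back to
    // the fixed successUrl, never to a URL taken from the request.

    // jwt.decode only parses the token; it does not check the signature, so
    // nothing read from the result may be trusted in the browser.
    if (!jwt.decode(sessionToken)) {
      console.log('not decoding properly');
    }

    // /continue needs the state as a named `state` parameter. Building the URL
    // with searchParams also percent-encodes both values.
    const continueUrl = new URL(successUrl);
    continueUrl.searchParams.set('session_token', sessionToken);
    continueUrl.searchParams.set('state', state);

    try {
      const session = await stripe.checkout.sessions.create({
        // NOTE(review): the user is still in the middle of the login flow
        // here, so `user` from useAuth0 may be undefined; confirm where the
        // customer id should come from (ideally resolved on the backend).
        customer: user?.app_metadata?.stripe_customer_id,
        payment_method_types: ['card'],
        line_items: [{ price: priceId, quantity: 1 }],
        subscription_data: {
          trial_period_days: 5,
        },
        mode: 'subscription',
        success_url: continueUrl.toString(),
        cancel_url: cancelUrl,
      });
      if (session.url) {
        window.location.href = session.url; // Redirect to Stripe checkout page
      }
    } catch (error) {
      // Without this the rejected promise from the click handler is lost.
      console.error('could not create the checkout session', error);
    }
  }

  return (
    <div>
      <br></br><br></br><br></br>
      <button onClick={createCheckoutSession}>Click Here To Checkout For Our ECOmium Plan!</button>
    </div>
  );
};
export default Checkout;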