Glad to hear you got it working. The session token is required only if you want to pass some information back to the Action. If not, you can simply omit it.
I don’t see any problem with your onContinuePostLogin Action, assuming the secret and the and the tokenParameterName are correct. If you can capture a HAR file of the flow and DM (after removing sensitive info like passwords), I’ll be able to check, but you may need to do some debugging in the code as well if the Github gist I provided works.