the problem is that when i use the session token it doesn’t validate
Do you mean that the validation fails in your app’s code (during the redirect), or in the onContinuePostLogin section of the Action? This can generally happen when the secrets don’t match, but it’s difficult to say without more details.
If nothing works out, can you try this minimal redirect Action along with the example express server? https://gist.github.com/thameera/2dfb3dff6ed2ec461aef7a7a2e3d3250
If you can get that working, we can check how your setup differs from that.