I am using passwordless login with email as a provider along with some social providers. Sometimes, I won’t get the chance to capture the first name and the last name of the user. As such, I am trying to implement a progressive profiling flow. I thought about using Actions because it looks to offer exactly what I need.
However, I am facing an issue related to the session token and I would like some help to figure out what I am missing or doing wrong.
Here are the steps I am currently doing:
onExecutePostLogin, I redirect my user to myapp.com/onboarding using api.redirect.sendUserTo. At this point, things are working fine and the user gets redirected correctly with the URL containing the state and session_token.
Once I capture the data I need from my user, I generate a JWT token with the secret: 1234 (temporary).
I then call the /continue method to invoke onContinuePostLogin within my Action. That seems to be working. However, once the action calls api.redirect.validateToken with my dummy secret (1234), I get the following message:
The session token is invalid: State in the token does not match the /continue state.
From that point, I am not sure what I am doing wrong. I am guessing it’s in terms of how I generate my token; however, I am not sure exactly. Any pointers would be appreciated.
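The error quoted above compares a state value carried inside the token with the state passed to /continue. The following is an added example, not part of the original post and not Auth0's own code: it builds an HS256 token that binds the state from the redirect URL, and runs a local stand-in for the signature, expiry and state checks. The helper names, the `state` claim name, the 60-second lifetime and all sample values are assumptions made for illustration.

```javascript
// Added example: hypothetical helpers, not Auth0's implementation.
const crypto = require("node:crypto");

const b64url = (s) => Buffer.from(s).toString("base64url");
const hmac = (data, secret) => crypto.createHmac("sha256", secret).update(data).digest();

// Sign a payload as a compact HS256 JWT.
function signHs256(payload, secret) {
  const head = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const body = b64url(JSON.stringify(payload));
  return `${head}.${body}.${hmac(`${head}.${body}`, secret).toString("base64url")}`;
}

// Token the onboarding page sends back with /continue.
// `state` must be the exact value received in the redirect URL (assumed claim name).
function buildContinueToken({ sub, iss, state, profile }, secret, now = Date.now()) {
  const iat = Math.floor(now / 1000);
  // Reserved claims come last so profile data cannot overwrite them.
  return signHs256({ ...profile, sub, iss, iat, exp: iat + 60, state }, secret);
}

// Local stand-in for the checks: algorithm, signature, expiry, state binding.
function checkContinueToken(token, secret, continueState, now = Date.now()) {
  const [head, body, sig] = token.split(".");
  if (!head || !body || !sig) return "malformed";
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(head, "base64url").toString("utf8"));
    claims = JSON.parse(Buffer.from(body, "base64url").toString("utf8"));
  } catch {
    return "malformed";
  }
  if (header.alg !== "HS256") return "bad alg";
  const expected = hmac(`${head}.${body}`, secret);
  const given = Buffer.from(sig, "base64url");
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return "bad signature";
  }
  if (typeof claims.exp !== "number" || claims.exp * 1000 <= now) return "expired";
  if (claims.state !== continueState) return "state mismatch";
  return "ok";
}
```

A token built without the state from the redirect URL fails the last check even when the signature is valid. The shared secret should be a long random value rather than a short placeholder.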