Hi,
I am using passwordless login with email as a provider along with some social providers. Sometimes, I won’t get the chance to capture the first name and the last name of the user. As such, I am trying to implement a progressive profiling flow. I thought about using Actions because it looks to offer exactly what I need.
However, I am facing an issue related to session token and I would like some help to figure out what I am missing or doing wrong.
Here are the steps I am currently doing:
-
Inside
onExecutePostLogin
, I redirect my user to myapp.com/onboarding usingapi.redirect.sendUserTo
. At this point, things are working fine and the user gets redirected correctly with the url containing the state and session_token. -
Once I capture the data I need from my user, I generate a JWT token with the secret: 1234(temporary)
-
I then call the
/continue
method to invokeonContinuePostLogin
within my Action. That seems to be working. However, once the action callsapi.redirect.validateToken
with my dummy secret(1234), I get the following message:The session token is invalid: State in the token does not match the /continue state.
From that point, I am not sure what I am doing wrong, I am guessing it’s in terms of how I generate my token, however I am not sure exactly. Any pointers would be appreciated.
Thank you.