This guide is meant for developers that are NOT using Descope Flows to design login screens and authentication methods.
If you'd like to use Descope Flows, Quick Start should be your starting point.
An enchanted link is a single-use link sent to the user for authentication (sign-up or sign-in) that
validates their identity. The Descope service sends enchanted links via email.
Enchanted links are an enhanced version of magic links. Enchanted links enable users to start the login process on one device (the originating device) while clicking the enchanted link on a different
device. When the user clicks the correct link, their session on the originating device is validated, and they are logged in. A special security feature
of enchanted link is that the end-user needs to pick the correct link from the three links delivered to them.
Alert
Enchanted links are user friendly since the user does not have to switch
tabs or applications to log in. The browser tab they initiated login from is the
only tab they need to use.
baseUrl: Custom domain that must be configured to manage token response in cookies. This makes sure every request to our service is through your custom domain, preventing accidental domain blockages.
baseStaticUrl: Custom domain to override the base URL that is used to fetch static files.
For registering a new user, your application client should accept user information, including an email or
phone number used for verification. The application client should send this information to your application
server. In this sample code, the enchanted link will be sent by email to email@company.com.
The signup call returns a pendingRef and a linkId. Display the linkId to end user from
your application so that they can click on the correct link in the email that they receive. Then your
application will utilize the pendingRef to poll for verification status on the originating device.
Also note that signup is not complete without the user verification step below.
For authenticating a user, your application client should accept the user's identity (typically an email address
or phone number). In this sample code, the enchanted link will be sent by email to email@company.com. The signin
call returns a pendingRef and a linkId. Display the linkId to end user from
your application so that they can click on the correct link in the email that they receive. Then your
application will utilize the pendingRef to poll for verification status on the originating device.
Also note that signin is not complete without the user verification step below.
For signing up a new user or signing in an existing user, you can utilize the signUpOrIn functionality.
In this sample code, the enchanted link will be sent by email to email@company.com. The signin
call returns a pendingRef and a linkId. Display the linkId to end user from
your application so that they can click on the correct link in the email that they receive. Then your
application will utilize the pendingRef to poll for verification status on the originating device.
Note that signUpOrIn is not complete without the user verification step below.
Call the verify function from your verify url. This means that this function needs to be called when the user
clicks the enchanted link. If the token is valid, the user will be authenticated and session returned to the polling thread (see next step).
On the route where you initialized the signIn, signUp, or signUpOrIn, you need to repeatedly poll for a valid session.
get_session(token) is called repeatedly until the user clicks the enchanted link URL they received, so that the
session on the initiating device can be directed to your desired page.
This function allows you to update the user's email address via email. This requires a valid refresh token. Once the user has
received the enchanted link Code, you will need to host a page to verify the enchanted link code using the enchanted link Verify Function.
The final step of completing the authentication with Descope is to validate the user session. Descope provides rich session management capabilities, including configurable session timeouts and
logout functions. You can find the details and sample code for client session validation here.
Checkpoint
Your application is now integrated with Descope. Please test with sign-up or sign-in use case.