Enchanted Link
This authentication guide is meant for developers that are NOT using Descope to design login screens and authentication flows. If you’d like to use Descope Flows, Quick Start should be your starting point.
Introduction
An enchanted link is a single-use link sent to the user for authentication (sign-up or sign-in) that validates their identity. The Descope service sends enchanted links via email.
Enchanted links are an enhanced version of magic links. Enchanted links enable users to start the login process on one device (the originating device) while clicking the enchanted link on a different device. When the user clicks the correct link, their session on the originating device is validated, and they are logged in. A special security feature of enchanted link is that the end-user needs to pick the correct link from the three links delivered to them.
Enchanted links are user friendly since the user does not have to switch
tabs or applications to log in. The browser tab they initiated login from is the
only tab they need to use.
Use Cases
- New user signup: The following actions must be completed, first User Sign-Up, then within the same route begin Polling for a valid session, and when the enchanted link is clicked User Verification
- Existing user signin: The following actions must be completed, first User Sign-In, then within the same route begin Polling for a valid session, and when the enchanted link is clicked User Verification
- Sign-Up or Sign-In (Signs up a new user or signs in an existing user): The following actions must be completed, first User Sign-Up or Sign-In, then within the same route begin Polling for a valid session, and when the enchanted link is clicked User Verification
Install SDK
ReactNextJSNextAuthWebJSVue.jsHTMLAngular
npm i --save @descope/react-sdknpm i --save @descope/next-sdknpm i --save next-authnpm i --save @descope/web-js-sdknpm i --save @descope/vue-sdk<!-- Not applicable for HTML -->npm i --save @descope/angular-sdkImport and initialize SDK
ReactNextJSNextAuthWebJSVue.jsHTMLAngular
import { AuthProvider } from '@descope/react-sdk'
import { Descope, useDescope } from '@descope/react-sdk'
const AppRoot = () => {
return (
<AuthProvider
projectId="__ProjectID__"
// If the Descope project manages the token response in cookies,
// a custom domain must be configured
// (e.g., https://auth.app.example.com)
// and should be set as the baseUrl property.
// baseUrl = "https://auth.app.example.com"
>
<App />
</AuthProvider>
);
};import { AuthProvider } from '@descope/nextjs-sdk';
export default function RootLayout({ children }: { children: React.ReactNode }) {
return (
<AuthProvider projectId="__ProjectID__">
<html lang="en">
<body>{children}</body>
</html>
</AuthProvider>
);
}// app/api/auth/[...nextauth]
import { NextAuthOptions } from "next-auth"
import NextAuth from "next-auth/next";
export const authOptions: NextAuthOptions = {
providers: [
{
id: "descope",
name: "Descope",
type: "oauth",
wellKnown: `https://api.descope.com/${process.env.DESCOPE_PROJECT_ID}/.well-known/openid-configuration`,
authorization: { params: { scope: "openid email profile" } },
idToken: true,
clientId: process.env.DESCOPE_PROJECT_ID,
clientSecret: process.env.DESCOPE_ACCESS_KEY,
checks: ["pkce", "state"],
profile(profile) {
return {
id: profile.sub,
name: profile.name,
email: profile.email,
image: profile.picture,
}
},
},
],
callbacks: {
async jwt({token, account, profile}) {
if (account) {
return {
...token,
access_token: account.access_token,
expires_at: Math.floor(Date.now() / 1000 + account.expires_in),
refresh_token: account.refresh_token,
profile: {
name: profile?.name,
email: profile?.email,
image: profile?.picture,
},
}
} else if (Date.now() < token.expires_at * 1000) {
return token
} else {
try {
const response = await fetch("https://api.descope.com/oauth2/v1/token", {
headers: {"Content-Type": "application/x-www-form-urlencoded"},
body: new URLSearchParams({
client_id: "__ProjectID__",
client_secret: "<Descope Access Key>",
grant_type: "refresh_token",
refresh_token: token.refresh_token,
}),
method: "POST",
})
const tokens = await response.json()
if (!response.ok) throw tokens
return {
...token,
access_token: tokens.access_token,
expires_at: Math.floor(Date.now() / 1000 + tokens.expires_in),
refresh_token: tokens.refresh_token ?? token.refresh_token,
}
} catch (error) {
console.error("Error refreshing access token", error)
return {...token, error: "RefreshAccessTokenError"}
}
}
},
async session({session, token}) {
if (token.profile) {
session.user = token.profile;
}
session.error = token.error
session.accessToken = token.access_token
return session
},
}
}
const handler = NextAuth(authOptions)
export { handler as GET, handler as POST }
// app/provider.tsx
'use client'
import { SessionProvider } from "next-auth/react"
export default function NextAuthSessionProvider(
{ children }:
{ children: React.ReactNode }
) {
return (
<SessionProvider>
{ children }
</SessionProvider>
)
}
// app/layout.tsx
import NextAuthSessionProvider from './provider'
export default function RootLayout({ children }: { children: React.ReactNode }) {
return (
<html>
<body>
<NextAuthSessionProvider>
<div>
{children}
</div>
</NextAuthSessionProvider>
</body>
</html>
)
}import DescopeSdk from '@descope/web-js-sdk';
try {
// baseUrl="<URL>" // you can also configure the baseUrl ex: https://auth.company.com - this is useful when you utilize CNAME within your Descope project.
const descopeSdk = DescopeSdk({ projectId: '__ProjectID__', persistTokens: true, autoRefresh: true });
} catch (error) {
// handle the error
console.log("failed to initialize: " + error)
}import { createApp } from "vue";
import App from "@/App.vue";
import descope, { getSdk } from "@descope/vue-sdk";
const app = createApp(App);
app.use(router);
app.use(descope, {
projectId: '__Project_ID__',
baseUrl: "<base url>", // Optional
});
const sdk = getSdk();
sdk?.onSessionTokenChange((newSession) => {
// here you can implement custom logic when the session is changing
});<head>
<script src="https://unpkg.com/@descope/web-js-sdk@x.x.x/dist/index.umd.js"></script>
<!-- Please replace `x.x.x` with the latest version of the WebJS SDK, which you can get from [here](https://www.npmjs.com/package/@descope/web-js-sdk) -->
</head>// app.module.ts
import { NgModule, APP_INITIALIZER} from '@angular/core';
import { BrowserModule } from '@angular/platform-browser';
import { DescopeAuthModule, DescopeAuthService, descopeInterceptor } from '@descope/angular-sdk';
import { AppComponent } from './app.component';
import {
HttpClientModule,
provideHttpClient,
withInterceptors
} from '@angular/common/http';
import { zip } from 'rxjs';
export function initializeApp(authService: DescopeAuthService) {
return () => zip([authService.refreshSession(), authService.refreshUser()]);
}
@NgModule({
declarations: [
AppComponent
],
imports: [
BrowserModule,
DescopeAuthModule.forRoot({
projectId: 'YOUR_PROJECT_ID'
})
],
providers: [
{
provide: APP_INITIALIZER,
useFactory: initializeApp,
deps: [DescopeAuthService],
multi: true
},
provideHttpClient(withInterceptors([descopeInterceptor]))
],
bootstrap: [AppComponent]
})
export class AppModule { }User Sign-up
For registering a new user, your application client should accept user information, including an email or phone number used for verification. The application client should send this information to your application server. In this sample code, the enchanted link will be sent by email to "email@company.com". The signup call returns apendingRef and a linkId. Display the linkId to end user from
your application so that they can click on the correct link in the email that they receive. Then your
application will utilize the pendingRef to poll for verification status on the originating device.Also note that signup is not complete without the user verification step below.
ReactWebJSHTML
// Args:
// user: user meta data for signup.
const user = {"name": "Joe Person", "phone": "+15555555555", "email": "email@company.com"}
// loginId: email - becomes the loginId for the user from here on and also used for delivery
const loginId = "email@company.com"
// uri: (Optional) this is the link that user is sent (code appended) for verification. Your application needs to host this page and extract the token for verification. The token arrives as a query parameter named 't'
const uri = "http://auth.company.com/api/verify_enchantedlink"
// signUpOptions (SignUpOptions): this allows you to configure behavior during the authentication process.
const signUpOptions = {
"customClaims": {"claim": "Value1"},
"templateOptions": {"option": "Value1"}
}
const descopeSdk = useDescope();
const resp = await descopeSdk.enchantedLink.signUp(loginId, uri, user, signUpOptions);
if (!resp.ok) {
console.log("Failed to initialize signup flow")
console.log("Status Code: " + resp.code)
console.log("Error Code: " + resp.error.errorCode)
console.log("Error Description: " + resp.error.errorDescription)
console.log("Error Message: " + resp.error.errorMessage)
}
else {
console.log("Successfully initialized signup flow")
const linkId = resp.data.linkId;
console.log("linkId " + linkId)
const pendingRef = resp.data.pendingRef;
console.log("pendingRef " + pendingRef)
}// Args:
// user: user meta data for signup.
const user = {"name": "Joe Person", "phone": "+15555555555", "email": "email@company.com"}
// loginId: email - becomes the loginId for the user from here on and also used for delivery
const loginId = "email@company.com"
// uri: (Optional) this is the link that user is sent (code appended) for verification. Your application needs to host this page and extract the token for verification. The token arrives as a query parameter named 't'
const uri = "http://auth.company.com/api/verify_enchantedlink"
// signUpOptions (SignUpOptions): this allows you to configure behavior during the authentication process.
const signUpOptions = {
"customClaims": {"claim": "Value1"},
"templateOptions": {"option": "Value1"}
}
const resp = await descopeSdk.enchantedLink.signUp(loginId, uri, user, signUpOptions);
if (!resp.ok) {
console.log("Failed to initialize signup flow")
console.log("Status Code: " + resp.code)
console.log("Error Code: " + resp.error.errorCode)
console.log("Error Description: " + resp.error.errorDescription)
console.log("Error Message: " + resp.error.errorMessage)
}
else {
console.log("Successfully initialized signup flow")
const linkId = resp.data.linkId;
console.log("linkId " + linkId)
const pendingRef = resp.data.pendingRef;
console.log("pendingRef " + pendingRef)
}<script>
let descopeSdk = Descope({projectId: '__ProjectID__', persistTokens: true, autoRefresh: true });
async function enchantedLinkSignUp() {
// Args:
// user: Optional user object to populate new user information.
const user = {
"name": document.getElementById("name").value,
"phone": document.getElementById("phone").value,
"email": document.getElementById("email").value
}
// loginId: email or phone - becomes the loginId for the user from here on and also used for delivery
const loginId = document.getElementById("email").value
// uri: (Optional) this is the link that user is sent (code appended) for verification. Your application needs to host this page and extract the token for verification. The token arrives as a query parameter named 't'
const uri = "http://auth.company.com/api/verify_enchantedlink"
// signUpOptions (SignUpOptions): this allows you to configure behavior during the authentication process.
const signUpOptions = {
"customClaims": {"claim": "Value1"},
"templateOptions": {"option": "Value1"}
}
const resp = await descopeSdk.enchantedLink.signUp(loginId, uri, user, signUpOptions);
if (!resp.ok) {
window.alert("Failed to initialize signup flow\nStatus Code: " + resp.code
+ "\nError Code: " + resp.error.errorCode + "\nError Description: " + resp.error.errorDescription + "\nError Message: " + resp.error.errorMessage)
}
else {
console.log("Successfully initialized signup flow")
window.location.replace("./polling_enchantedlink?userId=" + encodeURIComponent(loginId) + "&pendingRef=" + encodeURIComponent(resp.data.pendingRef) + "&linkId=" + encodeURIComponent(resp.data.linkId))
}
}
</script>User Sign-in
For authenticating a user, your application client should accept the user's identity (typically an email address or phone number). In this sample code, the enchanted link will be sent by email to "email@company.com". The signin call returns apendingRef and a linkId. Display the linkId to end user from
your application so that they can click on the correct link in the email that they receive. Then your
application will utilize the pendingRef to poll for verification status on the originating device.Also note that signin is not complete without the user verification step below.
ReactWebJSHTML
// Args:
// loginId: email - becomes the loginId for the user from here on and also used for delivery
const loginId = "email@company.com"
// uri: (Optional) this is the link that user is sent (code appended) for verification. Your application needs to host this page and extract the token for verification. The token arrives as a query parameter named 't'
const uri = "http://auth.company.com/api/verify_enchantedlink"
// loginOptions (LoginOptions): this allows you to configure behavior during the authentication process.
const loginOptions = {
"stepup": false,
"mfa": false,
"customClaims": {"claim": "Value1"},
"templateOptions": {"option": "Value1"}
}
// refreshToken (optional): the user's current refresh token in the event of stepup/mfa
const descopeSdk = useDescope();
const resp = await descopeSdk.enchantedLink.signIn(loginId, uri, loginOptions);
if (!resp.ok) {
console.log("Failed to initialize signin flow")
console.log("Status Code: " + resp.code)
console.log("Error Code: " + resp.error.errorCode)
console.log("Error Description: " + resp.error.errorDescription)
console.log("Error Message: " + resp.error.errorMessage)
}
else {
console.log("Successfully initialized signin flow")
const linkId = resp.data.linkId;
console.log("linkId " + linkId)
const pendingRef = resp.data.pendingRef;
console.log("pendingRef " + pendingRef)
}// Args:
// loginId: email - becomes the loginId for the user from here on and also used for delivery
const loginId = "email@company.com"
// uri: (Optional) this is the link that user is sent (code appended) for verification. Your application needs to host this page and extract the token for verification. The token arrives as a query parameter named 't'
const uri = "http://auth.company.com/api/verify_enchantedlink"
// loginOptions (LoginOptions): this allows you to configure behavior during the authentication process.
const loginOptions = {
"stepup": false,
"mfa": false,
"customClaims": {"claim": "Value1"},
"templateOptions": {"option": "Value1"}
}
// refreshToken (optional): the user's current refresh token in the event of stepup/mfa
const resp = await descopeSdk.enchantedLink.signIn(loginId, uri, loginOptions);
if (!resp.ok) {
console.log("Failed to initialize signin flow")
console.log("Status Code: " + resp.code)
console.log("Error Code: " + resp.error.errorCode)
console.log("Error Description: " + resp.error.errorDescription)
console.log("Error Message: " + resp.error.errorMessage)
}
else {
console.log("Successfully initialized signin flow")
const linkId = resp.data.linkId;
console.log("linkId " + linkId)
const pendingRef = resp.data.pendingRef;
console.log("pendingRef " + pendingRef)
}<script>
let descopeSdk = Descope({projectId: '__ProjectID__', persistTokens: true, autoRefresh: true });
async function enchantedLinkSignIn() {
// Args:
// loginId: email or phone for the user
const loginId = document.getElementById("loginId").value
// uri: (Optional) this is the link that user is sent (code appended) for verification. Your application needs to host this page and extract the token for verification. The token arrives as a query parameter named 't'
const uri = "http://auth.company.com/api/verify_enchantedlink"
// loginOptions (LoginOptions): this allows you to configure behavior during the authentication process.
const loginOptions = {
"stepup": false,
"mfa": false,
"customClaims": {"claim": "Value1"},
"templateOptions": {"option": "Value1"}
}
// refreshToken (optional): the user's current refresh token in the event of stepup/mfa
const resp = await descopeSdk.enchantedLink.signIn(loginId, uri, loginOptions);
if (!resp.ok) {
window.alert("Failed to initialize signin flow\nStatus Code: " + resp.code
+ "\nError Code: " + resp.error.errorCode + "\nError Description: " + resp.error.errorDescription + "\nError Message: " + resp.error.errorMessage)
}
else {
console.log("Successfully initialized signin flow")
window.location.replace("./polling_enchantedlink?userId=" + encodeURIComponent(loginId) + "&pendingRef=" + encodeURIComponent(resp.data.pendingRef) + "&linkId=" + encodeURIComponent(resp.data.linkId))
}
}
</script>User Sign-Up or Sign-In
For signing up a new user or signing in an existing user, you can utilize thesignUpOrIn functionality.
In this sample code, the enchanted link will be sent by email to "email@company.com". The signin
call returns a pendingRef and a linkId. Display the linkId to end user from
your application so that they can click on the correct link in the email that they receive. Then your
application will utilize the pendingRef to poll for verification status on the originating device.Note that signUpOrIn is not complete without the user verification step below.
ReactWebJSHTML
// Args:
// loginId: email - becomes the loginId for the user from here on and also used for delivery
const loginId = "email@company.com"
// signUpOptions (SignUpOptions): this allows you to configure behavior during the authentication process.
const signUpOptions = {
"customClaims": {"claim": "Value1"},
"templateOptions": {"option": "Value1"}
}
const descopeSdk = useDescope();
const resp = await descopeSdk.enchantedLink.signUpOrIn(loginId, uri, signUpOptions);
if (!resp.ok) {
console.log("Failed to initialize signUpOrIn flow")
console.log("Status Code: " + resp.code)
console.log("Error Code: " + resp.error.errorCode)
console.log("Error Description: " + resp.error.errorDescription)
console.log("Error Message: " + resp.error.errorMessage)
}
else {
console.log("Successfully initialized signUpOrIn flow")
const linkId = resp.data.linkId;
console.log("linkId " + linkId)
const pendingRef = resp.data.pendingRef;
console.log("pendingRef " + pendingRef)
}// Args:
// loginId: email - becomes the loginId for the user from here on and also used for delivery
const loginId = "email@company.com"
// signUpOptions (SignUpOptions): this allows you to configure behavior during the authentication process.
const signUpOptions = {
"customClaims": {"claim": "Value1"},
"templateOptions": {"option": "Value1"}
}
const resp = await descopeSdk.enchantedLink.signUpOrIn(loginId, uri, signUpOptions);
if (!resp.ok) {
console.log("Failed to initialize signUpOrIn flow")
console.log("Status Code: " + resp.code)
console.log("Error Code: " + resp.error.errorCode)
console.log("Error Description: " + resp.error.errorDescription)
console.log("Error Message: " + resp.error.errorMessage)
}
else {
console.log("Successfully initialized signUpOrIn flow")
const linkId = resp.data.linkId;
console.log("linkId " + linkId)
const pendingRef = resp.data.pendingRef;
console.log("pendingRef " + pendingRef)
}<script>
let descopeSdk = Descope({projectId: '__ProjectID__', persistTokens: true, autoRefresh: true });
async function enchantedLinkSignUpOrIn() {
// Args:
// loginId: email or phone - becomes the loginId for the user from here on and also used for delivery
const loginId = document.getElementById("email").value
// uri: (Optional) this is the link that user is sent (code appended) for verification. Your application needs to host this page and extract the token for verification. The token arrives as a query parameter named 't'
const uri = "http://auth.company.com/api/verify_enchantedlink"
// signUpOptions (SignUpOptions): this allows you to configure behavior during the authentication process.
const signUpOptions = {
"customClaims": {"claim": "Value1"},
"templateOptions": {"option": "Value1"}
}
const resp = await descopeSdk.enchantedLink.signUpOrIn(loginId, uri, signUpOptions);
if (!resp.ok) {
window.alert("Failed to initialize signup or in flow\nStatus Code: " + resp.code
+ "\nError Code: " + resp.error.errorCode + "\nError Description: " + resp.error.errorDescription + "\nError Message: " + resp.error.errorMessage)
}
else {
console.log("Successfully initialized signup or in flow")
window.location.replace("./polling_enchantedlink?userId=" + encodeURIComponent(loginId) + "&pendingRef=" + encodeURIComponent(resp.data.pendingRef) + "&linkId=" + encodeURIComponent(resp.data.linkId))
}
}
</script>User Verification
Call theverify function from your verify url. This means that this function needs to be called when the user
clicks the enchanted link. If the token is valid, the user will be authenticated and session returned to the polling thread (see next step).
ReactWebJSHTML
// Args:
// token: URL parameter containing the enchanted link token for example, https://auth.company.com/api/verify_enchantedlink?t=token.
const token = "xxxx"
const descopeSdk = useDescope();
const resp = await descopeSdk.enchantedLink.verify(token);
if (!resp.ok) {
console.log("Failed to verify enchanted link")
console.log("Status Code: " + resp.code)
console.log("Error Code: " + resp.error.errorCode)
console.log("Error Description: " + resp.error.errorDescription)
console.log("Error Message: " + resp.error.errorMessage)
}
else {
console.log("Successfully verified enchanted link")
}// Args:
// token: URL parameter containing the enchanted link token for example, https://auth.company.com/api/verify_enchantedlink?t=token.
const token = "xxxx"
const resp = await descopeSdk.enchantedLink.verify(token);
if (!resp.ok) {
console.log("Failed to verify enchanted link")
console.log("Status Code: " + resp.code)
console.log("Error Code: " + resp.error.errorCode)
console.log("Error Description: " + resp.error.errorDescription)
console.log("Error Message: " + resp.error.errorMessage)
}
else {
console.log("Successfully verified enchanted link")
}<script>
enchantedLinkVerify(tokenFromURL)
async function enchantedLinkVerify(thisToken) {
// Args:
// token: URL parameter containing the enchanted link token for example, http://auth.company.com/api/verify_enchantedlink?t=token.
const token = thisToken
const resp = await descopeSdk.enchantedLink.verify(token);
if (!resp.ok) {
window.alert("Failed to verify Enchanted Link Token\nStatus Code: " + resp.code
+ "\nError Code: " + resp.error.errorCode + "\nError Description: " + resp.error.errorDescription + "\nError Message: " + resp.error.errorMessage)
}
else {
console.log("Successfully verified OTP Enchanted Link Token")
window.alert("Successfully completed Enchanted Link verification. This tab will close after you acknowledge this alert. Please return to your original window.")
window.close();
}
}
</script>Polling for valid session
On the route where you initialized the signIn, signUp, or signUpOrIn, you need to repeatedly poll for a valid session.get_session(token) is called repeatedly until the user clicks the enchanted link URL they received, so that the
session on the initiating device can be directed to your desired page.
ReactWebJSHTML
// Args:
// pendingRef: Reference token received from signup or signin call.
const pendingRef = "xxxxx"
const descopeSdk = useDescope();
const resp = await descopeSdk.enchantedLink.waitForSession(pendingRef);
if (!resp.ok) {
console.log("Failed to complete polling flow")
console.log("Status Code: " + resp.code)
console.log("Error Code: " + resp.error.errorCode)
console.log("Error Description: " + resp.error.errorDescription)
console.log("Error Message: " + resp.error.errorMessage)
}
else {
console.log("Successfully completed polling flow")
console.log(resp)
}// Args:
// pendingRef: Reference token received from signup or signin call.
const pendingRef = "xxxxx"
const resp = await descopeSdk.enchantedLink.waitForSession(pendingRef);
if (!resp.ok) {
console.log("Failed to complete polling flow")
console.log("Status Code: " + resp.code)
console.log("Error Code: " + resp.error.errorCode)
console.log("Error Description: " + resp.error.errorDescription)
console.log("Error Message: " + resp.error.errorMessage)
}
else {
console.log("Successfully completed polling flow")
console.log(resp)
}<script>
let descopeSdk = Descope({projectId: '__ProjectID__', persistTokens: true, autoRefresh: true });
enchantedLinkVerify(pendingRef, userId)
async function enchantedLinkVerify(thisPendingRef, myUserId) {
// Args:
// token: URL parameter containing the enchanted link token for example, http://auth.company.com/api/verify_enchantedlink?t=token.
const pendingRef = thisPendingRef
const resp = await descopeSdk.enchantedLink.waitForSession(pendingRef);
if (!resp.ok) {
window.alert("Failed to verify Enchanted Link Token\nStatus Code: " + resp.code
+ "\nError Code: " + resp.error.errorCode + "\nError Description: " + resp.error.errorDescription + "\nError Message: " + resp.error.errorMessage)
}
else {
console.log("Successfully verified OTP enchanted Link Token")
window.location.replace("../loggedIn?userId=" + encodeURIComponent(myUserId) + "&sessionJwt=" + resp.data.sessionJwt)
}
}
</script>Update Email
This function allows you to update the user's email address via email. This requires a valid refresh token. Once the user has received the enchanted link Code, you will need to host a page to verify the enchanted link code using the enchanted link Verify Function.
ReactWebJSHTML
// Args:
// loginId (str): The loginId of the user being updated
const loginId = "email@company.com"
// email (str): The new email address. If an email address already exists for this end user, it will be overwritten
const email = "newEmail@company.com"
// refreshToken (str): The session's refresh token (used for verification)
const refreshToken = "xxxxx"
// updateOptions (UpdateOptions): this allows you to configure behavior during the authentication process.
const updateOptions = {
"addToLoginIDs": true,
"onMergeUseExisting": true,
"templateOptions": {"option": "Value1"}
}
const descopeSdk = useDescope();
const resp = await descopeSdk.enchantedLink.update.email(loginId, email, refreshToken, updateOptions);
if (!resp.ok) {
console.log("Failed to start enchanted link email update")
console.log("Status Code: " + resp.code)
console.log("Error Code: " + resp.error.errorCode)
console.log("Error Description: " + resp.error.errorDescription)
console.log("Error Message: " + resp.error.errorMessage)
}
else {
console.log("Successfully started enchanted link email update")
console.log(resp.data)
}// Args:
// loginId (str): The loginId of the user being updated
const loginId = "email@company.com"
// email (str): The new email address. If an email address already exists for this end user, it will be overwritten
const email = "newEmail@company.com"
// refreshToken (str): The session's refresh token (used for verification)
const refreshToken = "xxxxx"
// updateOptions (UpdateOptions): this allows you to configure behavior during the authentication process.
const updateOptions = {
"addToLoginIDs": true,
"onMergeUseExisting": true,
"templateOptions": {"option": "Value1"}
}
const resp = await descopeSdk.enchantedLink.update.email(loginId, email, refreshToken, updateOptions);
if (!resp.ok) {
console.log("Failed to start enchanted link email update")
console.log("Status Code: " + resp.code)
console.log("Error Code: " + resp.error.errorCode)
console.log("Error Description: " + resp.error.errorDescription)
console.log("Error Message: " + resp.error.errorMessage)
}
else {
console.log("Successfully started enchanted link email update")
console.log(resp.data)
}<script>
let descopeSdk = Descope({projectId: '__ProjectID__', persistTokens: true, autoRefresh: true });
async function enchantedLinkUpdateEmail() {
// Args:
// loginId (str): The loginId of the user being updated
const loginId = "email@company.com"
// email (str): The new email address. If an email address already exists for this end user, it will be overwritten
const email = "newEmail@company.com"
// refreshToken (str): The session's refresh token (used for verification)
const refreshToken = "xxxxx"
// updateOptions (UpdateOptions): this allows you to configure behavior during the authentication process.
const updateOptions = {
"addToLoginIDs": true,
"onMergeUseExisting": true,
"templateOptions": {"option": "Value1"}
}
const resp = await descopeSdk.enchantedLink.update.email(loginId, email, refreshToken, updateOptions);
if (!resp.ok) {
window.alert("Failed to start enchanted link email update\nStatus Code: " + resp.code
+ "\nError Code: " + resp.error.errorCode + "\nError Description: " + resp.error.errorDescription + "\nError Message: " + resp.error.errorMessage)
}
else {
console.log("Successfully started enchanted link email update")
console.log(resp.data.sessionJwt)
window.alert("Successfully initialized Enchanted Link Flow, please close this window and go to your email or phone and click the link to log in.")
}
}
</script>Session Validation
The final step of completing the authentication with Descope is to validate the user session. Descope provides rich session management capabilities, including configurable session timeouts and logout functions. You can find the details and sample code for client session validation here.
Checkpoint: Your application is now integrated with Descope. Please test with sign-up or sign-in use case.