Introduction

This guide will cover how to utilize embedded link actions within Descope flows. Some common use cases exist where embedded links may be preferred over other authentication methods. One notable use case would be allowing users to verify their email address after they initially signed up and are authenticated to your application rather than verifying the email address during the sign-up process.

Note: While this may enhance your user experience to authenticate faster if utilizing passwords, they will still need to verify their email address before sending a password reset via the normal methods.

This guide will cover the abovementioned use case and the use case for sending password reset via embedded link via flows.

Email Verification After Initial Sign Up

For the use case of allowing a user to verify their email after their initial signup, utilize the embedded link Update User action within your flow. This will require that you have a messaging connector already configured, as you will need a method of sending the embedded link to your user. You can find documentation on configuring connectors within our connectors knowledge base area.

Add the Update User Email Action

To add the update user via embedded link action to your flow, go to the flows page within the Descope console, clicking the blue + sign at the top left, select Action, and search for and select the Update User / Embedded Link / Email action.Once added to your flow, you will check the checkbox for Mark provided phone as verified.

Below are other customization options for the embedded link actions that you can make.

  • URI: the URL to prepend the embedded link token sent to the user.
  • Add to login IDs: This is applicable if you're using phone number or a custom user name as a auth method. To learn more on this option, see our documentation on Associating multiple login IDs for different auth methods.
  • Token Expiration allows you to override the configuration within the embedded link authentication configuration page. This is applicable when you want to set different expiration times for different tasks. Email verification for this use case makes sense for 30 days, so 43200; whereas with password reset, you may want to set this to 3 minutes, for example.

Configure embedded link update user via email action within Descope flows.

Configure Email Sending Action

After configuring a messaging connector, clicking the blue + sign at the top left, select Connector, then select the Send Email action for the configured messaging connector to add it to your flow.

Configure embedded link update user via email action within Descope flows.

Then, configure the send email action; you can use the dynamic values with curly brackets for the user's email, and then within the message itself, you will use the embeddedTokenURI key, which will display the URL for the user to click on. You can customize this via HTML to make that URL a button if you'd like.

Add send email action for embedded link within Descope flows.

Add Screens and Connect Flow

Now, you can add a screen showing the user that the email verification link has been sent and another screen stating that the email was successfully verified after the user clicked the link in the email they received.

You will then connect the actions similarly to configuring the screenshot below. The Token Generated will go to the Send verification email action then Verify Email Sent screen, and the Successful authentication will go to the Email Successfully Verified screen.

Connect the actions for embedded link email verification within Descope flows.

Test Email Verification

Now that you've added the ability to verify an email after initial sign-up later, you can test the flow. The initial sign-up will continue and give the user a JWT. When they eventually click the link in their email, the user will be authenticated, their email marked as verified and successfully logged in with a JWT.

Password Reset

The password reset configuration is very similar to the above example for email verification; however, here, you would utilize the Sign In / Embedded Link action. This action also allows you to configure the URI and Token Expiration. For this flow path, setting the Token expiration lower makes more sense since you expect the user to interact with the email sooner than the email verification use case.

Configure embedded link sign in action for password reset within Descope flows.

You would then add another send email action similarly to the above example, and then connect the actions to the applicable screens per the example below.

Configure embedded link sign in action for password reset within Descope flows.

Other Embedded Link Actions

There are other embedded link use cases that you may later want to utilize within your flow. Descope has other available embedded link actions that you can utilize to update the user's phone, sign up via embedded link, or sign up via embedded link. You can find these actions by clicking the blue + sign at the top left, selecting Action, and searching for Embedded Link.

Searching for embedded link actions within Descope flows.