Skip to Content
This project is in active development. Features and behaviors may change without notice.
DocumentationUsageSession Verification

Authentication

Once Scratch authentication is complete, the privateCode is appended as a query parameter to the redirect URL.
Using this value, you can call verifySession() to validate the user session and retrieve user information and the session ID.

How to Verify the User Session

src/index.ts
.("/auth", async () => {
  const  = ..("privateCode");
  const  = await .();
  if (.) {
    return .();
  } else {
    return .();
  }
});

If the user session is valid and token generation succeeds, the following response will be returned:

Response
{
  "success": true,
  "data": {
    "token": "********************************************************,
    "payload": {
      "valid": true,
      "username": "*************",
      "type": "instant",
      "redirect": "http://localhost:3000/auth"
    }
  }
}

Internal Behavior of Verification

verifySession() checks the following conditions:

  • privateCode is not empty
  • Communication with the external auth API is successful
  • redirect_url matches
  • The valid flag is true

Only if all conditions are met is the session considered authenticated.

Error Examples and Handling

Error MessageCauseSolution
No value provided for verification.privateCode is undefinedEnsure the query includes the privateCode
Failed to access the authentication system.API connection failedCheck network or API endpoint URL
Session authentication failed.Session mismatch or invalid stateEnsure the redirect_url is set correctly
Last updated on
Generate Login PageToken Verification