Skip to content

Commit f60fabf

Browse files
committed
Updates from review
1 parent 252cfbe commit f60fabf

1 file changed

Lines changed: 8 additions & 8 deletions

File tree

pages/home/auth/secure-auth-production.mdx

Lines changed: 8 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -34,7 +34,7 @@ In a production application or agent, users are verified by your code, not Arcad
3434

3535
When your users authorize a tool, Arcade.dev will redirect the user's browser to your verifier route with some information in the query string. Your custom verifier route must send a response back to Arcade.dev to confirm the user's ID.
3636

37-
If you need help, start a [GitHub discussion](https://github.com/ArcadeAI/arcade-ai/discussions) and we'll be happy to assist. TODO prestart
37+
If you need help, join the [Implementing a custom user verifier](https://github.com/ArcadeAI/arcade-ai/discussions/486) GitHub discussion and we'll be happy to assist.
3838

3939
import { Steps, Tabs } from "nextra/components";
4040

@@ -47,14 +47,14 @@ Create a public route in your app or API that can accept a browser redirect (HTT
4747
The route must gather the following information:
4848

4949
- The `flow_id` from the current URL's query string
50-
- The unique ID of the user currently signed in, commonly an ID from your application, an email address, or similar.
50+
- The unique ID of the user currently signed in, commonly an ID from your application's database, an email address, or similar.
5151

5252
How it's retrieved varies depending on how your app is built, but it is typically retrieved from a session cookie or other secure storage. It **must** match the user ID that your code specified at the start of the authorization flow.
5353

5454

55-
### Verify the user's session details
55+
### Verify the user's identity
5656

57-
Use the Arcade SDK (or our REST API) to verify the user's session details.
57+
Use the Arcade SDK (or our REST API) to verify the user's identity.
5858

5959
<Warning>
6060
Because this request uses your Arcade API key, it *must not* be made from the client side (a browser or desktop app). This code must be run on a server.
@@ -77,7 +77,7 @@ Content-Type: application/json
7777

7878
**Valid Response**
7979

80-
If the session details are valid, the response will contain some information about the auth flow:
80+
If the user's ID matches the ID specified at the start of the authorization flow, the response will contain some information about the auth flow:
8181

8282
<Tabs items={["REST"]} storageKey="preferredLanguage">
8383
<Tabs.Tab>
@@ -100,7 +100,7 @@ You can optionally redirect the user's browser to the `next_uri`, which will dis
100100

101101
**Invalid Response**
102102

103-
If the session details are invalid, it means the user is not the same user who started the authorization flow.
103+
If the user's ID does not match the ID specified at the start of the authorization flow, the response will contain an error.
104104

105105
<Tabs items={["REST"]} storageKey="preferredLanguage">
106106
<Tabs.Tab>
@@ -121,8 +121,8 @@ Content-Type: application/json
121121
In the Arcade Dashboard, pick the **Custom verifier** option and add the URL of your verifier route.
122122

123123
<Note>
124-
Arcade's default OAuth apps *only* support the Arcade session verifier.
125-
Authorization flows using Arcade's default OAuth apps will use the Arcade session verifier even if you have a custom verifier route set up.
124+
Arcade's default OAuth apps *only* support the Arcade user verifier.
125+
Authorization flows using Arcade's default OAuth apps will use the Arcade user verifier even if you have a custom verifier route set up.
126126
</Note>
127127

128128
</Steps>

0 commit comments

Comments
 (0)