You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: pages/home/auth/secure-auth-production.mdx
+8-8Lines changed: 8 additions & 8 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -34,7 +34,7 @@ In a production application or agent, users are verified by your code, not Arcad
34
34
35
35
When your users authorize a tool, Arcade.dev will redirect the user's browser to your verifier route with some information in the query string. Your custom verifier route must send a response back to Arcade.dev to confirm the user's ID.
36
36
37
-
If you need help, start a [GitHub discussion](https://github.com/ArcadeAI/arcade-ai/discussions)and we'll be happy to assist. TODO prestart
37
+
If you need help, join the [Implementing a custom user verifier](https://github.com/ArcadeAI/arcade-ai/discussions/486) GitHub discussion and we'll be happy to assist.
38
38
39
39
import { Steps, Tabs } from"nextra/components";
40
40
@@ -47,14 +47,14 @@ Create a public route in your app or API that can accept a browser redirect (HTT
47
47
The route must gather the following information:
48
48
49
49
- The `flow_id` from the current URL's query string
50
-
- The unique ID of the user currently signed in, commonly an ID from your application, an email address, or similar.
50
+
- The unique ID of the user currently signed in, commonly an ID from your application's database, an email address, or similar.
51
51
52
52
How it's retrieved varies depending on how your app is built, but it is typically retrieved from a session cookie or other secure storage. It **must** match the user ID that your code specified at the start of the authorization flow.
53
53
54
54
55
-
### Verify the user's session details
55
+
### Verify the user's identity
56
56
57
-
Use the Arcade SDK (or our REST API) to verify the user's session details.
57
+
Use the Arcade SDK (or our REST API) to verify the user's identity.
58
58
59
59
<Warning>
60
60
Because this request uses your Arcade API key, it *must not* be made from the client side (a browser or desktop app). This code must be run on a server.
@@ -77,7 +77,7 @@ Content-Type: application/json
77
77
78
78
**Valid Response**
79
79
80
-
If the session details are valid, the response will contain some information about the auth flow:
80
+
If the user's ID matches the ID specified at the start of the authorization flow, the response will contain some information about the auth flow:
0 commit comments