Skip to content

Commit 18fde70

Browse files
docs: clarify PRE_SESSION_CREATION session paths and add invitation FAQ (#739)
* fix(search): prevent SaaSKit hub from surfacing in Algolia for 'Auth logs' and other feature terms Card titles on /home/saaskit/ were matching searches (e.g. 'Auth logs') and producing #_top links in Algolia results. Wrapped navigation card grids with data-docsearch-ignore and added robots noindex meta tag to exclude the page from search indexing. * docs: clarify PRE_SESSION_CREATION session paths and add invitation FAQ - Rewrite 'Modify claims in session tokens' intro to explicitly list all session paths covered by PRE_SESSION_CREATION (standard login, magic link, invitation first login, org switch) and note claims land in custom_claims key - Add inline cross-reference to native custom scopes for scope-string use cases - Add 'Common questions' section to add-users-to-organization with a details FAQ block: does PRE_SESSION_CREATION fire on invitee first login? Addresses recurring support questions from Neosapients (Pylon #959) and Rember (Pylon #1058). Related: SK-476 * docs: apply style and quality fixes * docs: fix guide openers and gerund headings; refine interceptors FAQ placement * docs(interceptors): clarify usage of PRE_SESSION_CREATION interceptor for custom claims in access tokens * docs: simplify PRE_SESSION_CREATION session paths list to use 'standard login'
1 parent 4af3da6 commit 18fde70

12 files changed

Lines changed: 38 additions & 16 deletions

File tree

src/configs/sidebar.config.ts

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -117,7 +117,7 @@ export const sidebar = [
117117
link: 'guides/integrations',
118118
},
119119
{
120-
label: 'Go Live',
120+
label: 'Go live',
121121
items: [
122122
'authenticate/launch-checklist',
123123
'authenticate/run-e2e-tests',

src/content/docs/authenticate/interceptors/auth-flow-interceptors.mdx

Lines changed: 13 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -48,7 +48,7 @@ Scalekit -> User: Proceed or block sign-up
4848
4949
```
5050

51-
## Implementing interceptors
51+
## Implement interceptors
5252

5353
You can define interceptors at several trigger points during authentication flows.
5454

@@ -729,7 +729,9 @@ async def pre_signup(request: Request):
729729
730730
### Modify claims in session tokens
731731
732-
Add custom claims to Access tokens issued by Scalekit. Fetch user metadata from your database and return claims in the `response.claims` object. Claims are automatically included in the access token after authentication.
732+
To include additional custom claims in the access token, use the `PRE_SESSION_CREATION` interceptor. This interceptor makes an API call to your configured endpoint with user and organization data from Scalekit. You can respond with the format below, and the claims are included in the access token under the `custom_claims` key. This interceptor fires on every path that creates a new session token: standard login and organization switch.
733+
734+
If you need custom scope strings validated directly by your resource server (for example, Spring Security's `@PreAuthorize`), use [native custom scopes and permissions](/authenticate/authz/implement-access-control/) instead — `custom_claims` do not appear in the `scope` claim.
733735
734736
<Tabs syncKey="tech-stack">
735737
<TabItem value="node" label="Node.js">
@@ -846,6 +848,15 @@ After the interceptor returns custom claims, Scalekit includes them in the acces
846848
Keep custom claims minimal to avoid exceeding JWT size limits. Store large datasets in your database and use claims only for frequently-accessed metadata that needs to be available in the token.
847849
</Aside>
848850
851+
## Common scenarios
852+
853+
<details>
854+
<summary>Does `PRE_SESSION_CREATION` fire on an invitee’s first login?</summary>
855+
856+
Yes. It fires the same as any other path that creates a session token. Custom claims your interceptor returns are embedded in the issued access token. No additional configuration is required.
857+
858+
</details>
859+
849860
### Provision a user into an existing organization
850861
Use the **Pre-signup** interceptor to provision a user into an existing organization instead of creating a new one during signup. This is useful when you want users from specific email domains to always join a pre-defined organization, avoiding duplicate organization creation.
851862

src/content/docs/authenticate/manage-organizations/add-users-to-organization.mdx

Lines changed: 12 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -271,4 +271,15 @@ The user will receive an email with a link to accept the invitation and join you
271271

272272
Users belonging to multiple organizations will see an organization selection interface in subsequent login flows, allowing them to choose their desired organization.
273273

274-
</Aside>
274+
</Aside>
275+
276+
## Common questions
277+
278+
<details>
279+
<summary>Does PRE_SESSION_CREATION fire on an invitee's first login?</summary>
280+
281+
Yes. When an invitee clicks their magic link and completes signup, `PRE_SESSION_CREATION` fires the same as any other login path. Custom claims your interceptor returns are embedded in the issued JWT. No additional configuration is required.
282+
283+
See [Intercept auth flows](/authenticate/interceptors/auth-flow-interceptors/#modify-claims-in-session-tokens).
284+
285+
</details>

src/content/docs/authenticate/set-up-scalekit.mdx

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -13,7 +13,7 @@ head:
1313
font-size: var(--sl-text-lg);
1414
}
1515
sidebar:
16-
label: 'Set up environment & SDK'
16+
label: 'Set up'
1717
prev: false
1818

1919
---
@@ -22,7 +22,7 @@ import { LinkButton, Aside, Steps, Tabs, TabItem, Badge } from '@astrojs/starlig
2222
import { VideoPlayer } from 'starlight-videos/components'
2323
import InstallSDK from '@components/templates/_installsdk.mdx'
2424

25-
This guide shows you how to set up Scalekit in your development environment. You'll configure your workspace, get API credentials, install the SDK, verify everything works correctly, and optionally set up AI-powered development tools.
25+
Create a Scalekit account, install the SDK, configure your credentials, and verify the setup. This prepares your environment for adding authentication to your application.
2626

2727
Before you begin, create a Scalekit account if you haven't already. After creating your account, a Scalekit workspace is automatically set up for you with dedicated development and production environments.
2828

src/content/docs/cookbooks/implement-nextjs-auth.mdx

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
11
---
2-
title: 'Implementing Passwordless Auth in Next.js 15'
2+
title: 'Implement passwordless auth in Next.js 15'
33
description: 'Add magic link and OTP authentication to your Next.js application using Scalekit''s headless API.'
44
date: 2025-02-19
55
tags: ['Full stack auth', 'Next.js']

src/content/docs/dev-kit/build-with-ai/full-stack-auth.mdx

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -39,7 +39,7 @@ import {
3939
SkillsCLICodingAgentSection
4040
} from '@/components/templates'
4141

42-
Use AI coding agents like Claude Code, GitHub Copilot CLI, Cursor, and OpenCode to implement Scalekit's full-stack authentication end-to-end in your web applications. This guide shows you how to configure these agents so they analyze your codebase, apply consistent authentication patterns, and generate production-ready code for login, session management, and logout that follows security best practices while reducing implementation time from hours to minutes.
42+
Use AI coding agents like Claude Code, GitHub Copilot CLI, Cursor, and OpenCode to implement Scalekit's full-stack authentication end-to-end in your web applications. Configure the agents to analyze your codebase, apply consistent authentication patterns, and generate production-ready code for login, session management, and logout. This approach follows security best practices while reducing implementation time from hours to minutes.
4343

4444
<Tabs syncKey="coding-agent">
4545
<TabItem label="Claude Code" icon="claude">

src/content/docs/dev-kit/build-with-ai/mcp-auth.mdx

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -39,7 +39,7 @@ import {
3939
SkillsCLICodingAgentSection
4040
} from '@/components/templates'
4141

42-
Use AI coding agents like Claude Code, GitHub Copilot CLI, Cursor, and OpenCode to add Scalekit's OAuth 2.1 authentication to your MCP servers. This guide shows you how to configure these agents so they analyze your codebase, apply consistent authentication patterns, and generate production-ready code that integrates OAuth 2.1 end-to-end, reduces implementation time from hours to minutes, and follows security best practices.
42+
Use AI coding agents like Claude Code, GitHub Copilot CLI, Cursor, and OpenCode to add Scalekit's OAuth 2.1 authentication to your MCP servers. Configure the agents to analyze your codebase, apply consistent authentication patterns, and generate production-ready code that integrates OAuth 2.1 end-to-end. This reduces implementation time from hours to minutes and follows security best practices.
4343

4444
**Prerequisites**
4545

src/content/docs/dev-kit/build-with-ai/scim.mdx

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -36,7 +36,7 @@ import {
3636
SkillsCLICodingAgentSection
3737
} from '@/components/templates'
3838

39-
Use AI coding agents like Claude Code, GitHub Copilot CLI, Cursor, and OpenCode to add Scalekit's Modular SCIM directory sync to your applications. This guide shows you how to configure these agents so they analyze your codebase, apply SCIM patterns, and generate production-ready code for user provisioning, deprovisioning, and lifecycle management that follows security best practices and reduces implementation time from hours to minutes.
39+
Use AI coding agents like Claude Code, GitHub Copilot CLI, Cursor, and OpenCode to add Scalekit's Modular SCIM directory sync to your applications. Configure the agents to analyze your codebase, apply SCIM patterns, and generate production-ready code for user provisioning, deprovisioning, and lifecycle management. This follows security best practices and reduces implementation time from hours to minutes.
4040

4141
<Tabs syncKey="coding-agent">
4242
<TabItem label="Claude Code" icon="claude">

src/content/docs/dev-kit/build-with-ai/sso.mdx

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -36,7 +36,7 @@ import {
3636
SkillsCLICodingAgentSection
3737
} from '@/components/templates'
3838

39-
Use AI coding agents like Claude Code, GitHub Copilot CLI, Cursor, and OpenCode to add Scalekit's Modular SSO to your existing applications. This guide shows you how to configure these agents so they analyze your codebase, apply SSO patterns, and generate production-ready code that integrates enterprise identity providers and follows security best practices while reducing implementation time from hours to minutes.
39+
Use AI coding agents like Claude Code, GitHub Copilot CLI, Cursor, and OpenCode to add Scalekit's Modular SSO to your existing applications. Configure the agents to analyze your codebase, apply SSO patterns, and generate production-ready code that integrates enterprise identity providers. This follows security best practices while reducing implementation time from hours to minutes.
4040

4141
<Tabs syncKey="coding-agent">
4242
<TabItem label="Claude Code" icon="claude">

src/content/docs/passwordless/oidc.mdx

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -46,7 +46,7 @@ import Tabs from '@components/ui/Tabs.astro';
4646
import IconTdesignSequence from '~icons/tdesign/sequence'
4747

4848

49-
This guide shows you how to implement passwordless authentication with Scalekit over OIDC protocol. Users verify with a email verification code (OTP) or a magic link or both.
49+
Implement passwordless authentication with Scalekit over the OIDC protocol. Users verify their identity with an email verification code (OTP) or a magic link.
5050

5151
<details>
5252
<summary><IconTdesignSequence style="display: inline; width: 1rem; height: 1rem; vertical-align: middle; margin-right: 0.5rem;" /> Review the authentication sequence</summary>

0 commit comments

Comments
 (0)