From 54f560d7feaec40f0784ef1c6009cfdd5a0dfb74 Mon Sep 17 00:00:00 2001 From: Saif Ali Shaik Date: Sat, 6 Jun 2026 13:08:00 +0530 Subject: [PATCH 1/2] fix(search): prevent SaaSKit hub from surfacing in Algolia for 'Auth logs' and other feature terms Card titles on /home/saaskit/ were matching searches (e.g. 'Auth logs') and producing #_top links in Algolia results. Wrapped navigation card grids with data-docsearch-ignore and added robots noindex meta tag to exclude the page from search indexing. --- src/content/docs/home/saaskit/index.mdx | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/src/content/docs/home/saaskit/index.mdx b/src/content/docs/home/saaskit/index.mdx index cff0d49ae..a680a8726 100644 --- a/src/content/docs/home/saaskit/index.mdx +++ b/src/content/docs/home/saaskit/index.mdx @@ -11,6 +11,10 @@ banner: hero: tagline: Add SSO, SCIM, or MCP Auth as modular capabilities, or adopt Scalekit as your full identity layer for your SaaS app head: + - tag: meta + attrs: + name: robots + content: noindex - tag: style content: | right-sidebar-panel { @@ -260,7 +264,7 @@ import complianceImage from '@/content/docs/compliance.svg' -
+
@@ -302,7 +306,7 @@ import complianceImage from '@/content/docs/compliance.svg'
-
+
@@ -327,7 +331,7 @@ import complianceImage from '@/content/docs/compliance.svg'
-
+

Extensibility & Controls

@@ -353,7 +357,7 @@ import complianceImage from '@/content/docs/compliance.svg'
-
+

Developer Resources

From 70ae00059784e3a48eeb99584df007c5e96fe934 Mon Sep 17 00:00:00 2001 From: Saif Date: Wed, 10 Jun 2026 06:33:28 +0000 Subject: [PATCH 2/2] docs: clarify PRE_SESSION_CREATION session paths and add invitation FAQ - Rewrite 'Modify claims in session tokens' intro to explicitly list all session paths covered by PRE_SESSION_CREATION (standard login, magic link, invitation first login, org switch) and note claims land in custom_claims key - Add inline cross-reference to native custom scopes for scope-string use cases - Add 'Common questions' section to add-users-to-organization with a details FAQ block: does PRE_SESSION_CREATION fire on invitee first login? Addresses recurring support questions from Neosapients (Pylon #959) and Rember (Pylon #1058). Related: SK-476 --- .../interceptors/auth-flow-interceptors.mdx | 4 +++- .../add-users-to-organization.mdx | 13 ++++++++++++- 2 files changed, 15 insertions(+), 2 deletions(-) diff --git a/src/content/docs/authenticate/interceptors/auth-flow-interceptors.mdx b/src/content/docs/authenticate/interceptors/auth-flow-interceptors.mdx index bd88f5181..1afea87fb 100644 --- a/src/content/docs/authenticate/interceptors/auth-flow-interceptors.mdx +++ b/src/content/docs/authenticate/interceptors/auth-flow-interceptors.mdx @@ -729,7 +729,9 @@ async def pre_signup(request: Request): ### Modify claims in session tokens -Add custom claims to Access tokens issued by Scalekit. Fetch user metadata from your database and return claims in the `response.claims` object. Claims are automatically included in the access token after authentication. +Add custom claims to access tokens issued by Scalekit. Your `PRE_SESSION_CREATION` interceptor fires on every path that creates a new session token: standard login (password, SSO, social), magic link and email OTP, invitation magic link (including an invitee's first login), and organization switch. Fetch user metadata from your database and return claims in the `response.claims` object. Scalekit embeds them in the access token under the `custom_claims` key. + +If you need custom scope strings validated directly by your resource server (for example, Spring Security's `@PreAuthorize`), use [native custom scopes](/authenticate/fsa/multiapp/single-page-app/) instead — `custom_claims` do not appear in the `scope` claim. diff --git a/src/content/docs/authenticate/manage-organizations/add-users-to-organization.mdx b/src/content/docs/authenticate/manage-organizations/add-users-to-organization.mdx index 05385f0f9..1ea3e366c 100644 --- a/src/content/docs/authenticate/manage-organizations/add-users-to-organization.mdx +++ b/src/content/docs/authenticate/manage-organizations/add-users-to-organization.mdx @@ -271,4 +271,15 @@ The user will receive an email with a link to accept the invitation and join you Users belonging to multiple organizations will see an organization selection interface in subsequent login flows, allowing them to choose their desired organization. - \ No newline at end of file + + +## Common questions + +
+Does PRE_SESSION_CREATION fire on an invitee's first login? + +Yes. When an invitee clicks their magic link and completes signup, `PRE_SESSION_CREATION` fires the same as any other login path. Custom claims your interceptor returns are embedded in the issued JWT. No additional configuration is required. + +See [Intercept auth flows](/authenticate/interceptors/auth-flow-interceptors/#modify-claims-in-session-tokens). + +
\ No newline at end of file