iatoolkit 0.55.3__tar.gz → 0.56.0__tar.gz

{iatoolkit-0.55.3 → iatoolkit-0.56.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: iatoolkit
-Version: 0.55.3
+Version: 0.56.0
 Summary: IAToolkit
 Author: Fernando Libedinsky
 License-Expression: MIT

{iatoolkit-0.55.3 → iatoolkit-0.56.0}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "iatoolkit"
-version = "0.55.3"
+version = "0.56.0"
 requires-python = ">=3.12"
 description = "IAToolkit"
 readme = "readme.md"

{iatoolkit-0.55.3 → iatoolkit-0.56.0}/src/iatoolkit/base_company.py

@@ -88,7 +88,7 @@ class BaseCompany(ABC):
 
     @abstractmethod
     # get context specific for this company
-    def get_user_info(self, user_identifier: str) -> str:
+    def get_user_info(self, user_identifier: str) -> dict:
         raise NotImplementedError("La subclase debe implementar el método get_user_info()")
 
     @abstractmethod

{iatoolkit-0.55.3 → iatoolkit-0.56.0}/src/iatoolkit/common/routes.py

@@ -26,8 +26,6 @@ def register_views(injector, app):
     from iatoolkit.views.tasks_view import TaskView
     from iatoolkit.views.tasks_review_view import TaskReviewView
     from iatoolkit.views.login_simulation_view import LoginSimulationView
-    from iatoolkit.views.login_view import LoginView, FinalizeContextView
-    from iatoolkit.views.external_login_view import ExternalLoginView
     from iatoolkit.views.signup_view import SignupView
     from iatoolkit.views.verify_user_view import VerifyAccountView
     from iatoolkit.views.forgot_password_view import ForgotPasswordView
@@ -36,27 +34,41 @@ def register_views(injector, app):
     from iatoolkit.views.user_feedback_api_view import UserFeedbackApiView
     from iatoolkit.views.prompt_api_view import PromptApiView
     from iatoolkit.views.chat_token_request_view import ChatTokenRequestView
+    from iatoolkit.views.login_view import LoginView, FinalizeContextView
+    from iatoolkit.views.external_login_view import ExternalLoginView, RedeemTokenApiView
 
     # iatoolkit home page
     app.add_url_rule('/<company_short_name>', view_func=IndexView.as_view('index'))
 
-    # init (reset) the company context (with api-key)
-    app.add_url_rule('/<company_short_name>/api/init_context_api',
-                     view_func=InitContextApiView.as_view('init_context_api'))
+    # login for the iatoolkit integrated frontend
+    app.add_url_rule('/<company_short_name>/login', view_func=LoginView.as_view('login'))
 
-    # this functions are for login external users (with api-key)
-    # only the first one should be used from an external app
+    # this is the login for external users
     app.add_url_rule('/<company_short_name>/external_login',
                      view_func=ExternalLoginView.as_view('external_login'))
 
+    # this endpoint is called when onboarding_shell finish the context load
+    app.add_url_rule(
+        '/<company_short_name>/finalize',
+        view_func=FinalizeContextView.as_view('finalize_no_token')
+    )
+
+    app.add_url_rule(
+        '/<company_short_name>/finalize/<token>',
+        view_func=FinalizeContextView.as_view('finalize_with_token')
+    )
+
+    # this endpoint is called by the JS for changing the token for a session
+    app.add_url_rule('/<string:company_short_name>/api/redeem_token',
+                     view_func = RedeemTokenApiView.as_view('redeem_token'))
+
     # this endpoint is for requesting a chat token for external users
     app.add_url_rule('/auth/chat_token',
                      view_func=ChatTokenRequestView.as_view('chat-token'))
 
-    # login for the iatoolkit integrated frontend
-    # this is the main login endpoint for the frontend
-    app.add_url_rule('/<company_short_name>/login', view_func=LoginView.as_view('login'))
-    app.add_url_rule('/<company_short_name>/finalize_context_load', view_func=FinalizeContextView.as_view('finalize_context_load'))
+    # init (reset) the company context (with api-key)
+    app.add_url_rule('/<company_short_name>/api/init_context_api',
+                     view_func=InitContextApiView.as_view('init_context_api'))
 
     # register new user, account verification and forgot password
     app.add_url_rule('/<company_short_name>/signup',view_func=SignupView.as_view('signup'))

{iatoolkit-0.55.3 → iatoolkit-0.56.0}/src/iatoolkit/iatoolkit.py

@@ -19,7 +19,7 @@ from werkzeug.middleware.proxy_fix import ProxyFix
 from injector import Binder, singleton, Injector
 from importlib.metadata import version as _pkg_version, PackageNotFoundError
 
-IATOOLKIT_VERSION = "0.55.3"
+IATOOLKIT_VERSION = "0.56.0"
 
 # global variable for the unique instance of IAToolkit
 _iatoolkit_instance: Optional['IAToolkit'] = None
@@ -155,10 +155,9 @@ class IAToolkit:
 
         self.app.config.update({
             'VERSION': self.version,
-            'SERVER_NAME': domain,
             'SECRET_KEY': self._get_config_value('FLASK_SECRET_KEY', 'iatoolkit-default-secret'),
-            'SESSION_COOKIE_SAMESITE': "None" if is_https else "Lax",
-            'SESSION_COOKIE_SECURE': is_https,
+            'SESSION_COOKIE_SAMESITE': "None",
+            'SESSION_COOKIE_SECURE': True,
             'SESSION_PERMANENT': False,
             'SESSION_USE_SIGNER': True,
             'JWT_SECRET_KEY': self._get_config_value('JWT_SECRET_KEY', 'iatoolkit-jwt-secret'),

{iatoolkit-0.55.3 → iatoolkit-0.56.0}/src/iatoolkit/repositories/profile_repo.py

@@ -72,10 +72,14 @@ class ProfileRepo:
     def create_company(self, new_company: Company):
         company = self.session.query(Company).filter_by(name=new_company.name).first()
         if company:
-            company.parameters = new_company.parameters
-            company.branding = new_company.branding
-            company.onboarding_cards = new_company.onboarding_cards
+            if company.parameters != new_company.parameters:
+                company.parameters = new_company.parameters
+            if company.branding != new_company.branding:
+                company.branding = new_company.branding
+            if company.onboarding_cards != new_company.onboarding_cards:
+                company.onboarding_cards = new_company.onboarding_cards
         else:
+            # Si la compañía no existe, la añade a la sesión.
             self.session.add(new_company)
             company = new_company
 

{iatoolkit-0.55.3 → iatoolkit-0.56.0}/src/iatoolkit/services/auth_service.py

@@ -7,6 +7,7 @@ from flask import request
 from injector import inject
 from iatoolkit.services.profile_service import ProfileService
 from flask import request
+import logging
 
 
 class AuthService:
@@ -52,6 +53,7 @@ class AuthService:
         if api_key:
             api_key_entry = self.profile_service.get_active_api_key_entry(api_key)
             if not api_key_entry:
+                logging.info(f"Invalid or inactive API Key {api_key}")
                 return {"success": False, "error": "Invalid or inactive API Key", "status_code": 401}
 
             # obtain the company from the api_key_entry
@@ -61,7 +63,7 @@ class AuthService:
             user_identifier = ''
             if request.is_json:
                 data = request.get_json() or {}
-                user_identifier = data.get('external_user_id', '')
+                user_identifier = data.get('user_identifier', '')
 
             return {
                 "success": True,
@@ -70,5 +72,6 @@ class AuthService:
             }
 
         # --- Failure: No valid credentials found ---
+        logging.info(f"Authentication required. No session cookie or API Key provided.")
         return {"success": False, "error": "Authentication required. No session cookie or API Key provided.",
-                "status_code": 401}
+                "status_code": 402}

{iatoolkit-0.55.3 → iatoolkit-0.56.0}/src/iatoolkit/services/dispatcher_service.py

@@ -178,35 +178,13 @@ class Dispatcher:
         # source 2: external company user
         company_instance = self.company_instances[company_name]
         try:
-            raw_user_data = company_instance.get_user_info(user_identifier)
+            external_user_profile = company_instance.get_user_info(user_identifier)
         except Exception as e:
             logging.exception(e)
             raise IAToolkitException(IAToolkitException.ErrorType.EXTERNAL_SOURCE_ERROR,
                                      f"Error en get_user_info de {company_name}: {str(e)}") from e
 
-        # always normalize the data for consistent structure
-        return self._normalize_user_data(raw_user_data)
-
-    def _normalize_user_data(self, raw_data: dict) -> dict:
-        """
-        Asegura que los datos del usuario siempre tengan una estructura consistente.
-        """
-        # default values
-        normalized_user = {
-            "id": raw_data.get("id", 0),
-            "username": raw_data.get("id", 0),
-            "user_email": raw_data.get("email", ""),
-            "user_fullname": raw_data.get("user_fullname", ""),
-            "is_local": False,
-            "extras": raw_data.get("extras", {})
-        }
-
-        # get the extras from the raw data, if any
-        extras = raw_data.get("extras", {})
-        if isinstance(extras, dict):
-            normalized_user.update(extras)
-
-        return normalized_user
+        return external_user_profile
 
     def get_metadata_from_filename(self, company_name: str, filename: str) -> dict:
         if company_name not in self.company_instances:

{iatoolkit-0.55.3 → iatoolkit-0.56.0}/src/iatoolkit/services/jwt_service.py

@@ -24,16 +24,18 @@ class JWTService:
             raise RuntimeError(f"Configuración JWT esencial faltante: {e}")
 
     def generate_chat_jwt(self,
-                          company_id: int,
                           company_short_name: str,
-                          external_user_id: str,
+                          user_identifier: str,
                           expires_delta_seconds: int) -> Optional[str]:
         # generate a JWT for a chat session
         try:
+            if not company_short_name or not user_identifier:
+                logging.error(f"Missing token ID: {company_short_name}/{user_identifier}")
+                return None
+
             payload = {
-                'company_id': company_id,
                 'company_short_name': company_short_name,
-                'external_user_id': external_user_id,
+                'user_identifier': user_identifier,
                 'exp': time.time() + expires_delta_seconds,
                 'iat': time.time(),
                 'type': 'chat_session'  # Identificador del tipo de token
@@ -41,10 +43,10 @@ class JWTService:
             token = jwt.encode(payload, self.secret_key, algorithm=self.algorithm)
             return token
         except Exception as e:
-            logging.error(f"Error al generar JWT para company {company_id}, user {external_user_id}: {e}")
+            logging.error(f"Error al generar JWT para {company_short_name}/{user_identifier}: {e}")
             return None
 
-    def validate_chat_jwt(self, token: str, expected_company_short_name: str) -> Optional[Dict[str, Any]]:
+    def validate_chat_jwt(self, token: str) -> Optional[Dict[str, Any]]:
         """
         Valida un JWT de sesión de chat.
         Retorna el payload decodificado si es válido y coincide con la empresa, o None.
@@ -59,33 +61,22 @@ class JWTService:
                 logging.warning(f"Validación JWT fallida: tipo incorrecto '{payload.get('type')}'")
                 return None
 
-            if payload.get('company_short_name') != expected_company_short_name:
-                logging.warning(
-                    f"Validación JWT fallida: company_short_name no coincide. "
-                    f"Esperado: {expected_company_short_name}, Obtenido: {payload.get('company_short_name')}"
-                )
+            # user_identifier debe estar presente
+            if not payload.get('user_identifier'):
+                logging.warning(f"Validación JWT fallida: user_identifier ausente o vacío.")
                 return None
 
-            # external_user_id debe estar presente
-            if 'external_user_id' not in payload or not payload['external_user_id']:
-                logging.warning(f"Validación JWT fallida: external_user_id ausente o vacío.")
-                return None
-
-            # company_id debe estar presente
-            if 'company_id' not in payload or not isinstance(payload['company_id'], int):
-                logging.warning(f"Validación JWT fallida: company_id ausente o tipo incorrecto.")
+            if not payload.get('company_short_name'):
+                logging.warning(f"Validación JWT fallida: company_short_name ausente.")
                 return None
 
             logging.debug(
                 f"JWT validado exitosamente para company: {payload.get('company_short_name')}, user: {payload.get('external_user_id')}")
             return payload
 
-        except jwt.ExpiredSignatureError:
-            logging.info(f"Validación JWT fallida: token expirado para {expected_company_short_name}")
-            return None
         except jwt.InvalidTokenError as e:
-            logging.warning(f"Validación JWT fallida: token inválido para {expected_company_short_name}. Error: {e}")
+            logging.warning(f"Validación JWT fallida: token inválido . Error: {e}")
             return None
         except Exception as e:
-            logging.error(f"Error inesperado durante validación de JWT para {expected_company_short_name}: {e}")
+            logging.error(f"Error inesperado durante validación de JWT : {e}")
             return None

{iatoolkit-0.55.3 → iatoolkit-0.56.0}/src/iatoolkit/services/profile_service.py

@@ -60,7 +60,6 @@ class ProfileService:
             # the user_profile variables are used on the LLM templates also (see in query_main.prompt)
             user_identifier = user.email             # no longer de ID
             user_profile = {
-                "id": user_identifier,
                 "user_email": user.email,
                 "user_fullname": f'{user.first_name} {user.last_name}',
                 "user_is_local": True,
@@ -78,8 +77,8 @@ class ProfileService:
         """
         Public method for views to create a web session for an external user.
         """
-        # 1. Fetch the profile from the external system via Dispatcher.
-        user_profile = self.dispatcher.get_user_info(
+        # 1. Fetch the external user profile via Dispatcher.
+        external_user_profile = self.dispatcher.get_user_info(
             company_name=company.short_name,
             user_identifier=user_identifier
         )
@@ -88,7 +87,7 @@ class ProfileService:
         self.create_web_session(
             company=company,
             user_identifier=user_identifier,
-            user_profile=user_profile)
+            user_profile=external_user_profile)
 
     def create_web_session(self, company: Company, user_identifier: str, user_profile: dict):
         """
@@ -96,16 +95,19 @@ class ProfileService:
         """
         user_profile['company_short_name'] = company.short_name
         user_profile['user_identifier'] = user_identifier
-        user_profile['user_id'] = user_identifier
+        user_profile['id'] = user_identifier
         user_profile['company_id'] = company.id
         user_profile['company'] = company.name
 
-        # user_profile['last_activity'] = datetime.now(timezone.utc).timestamp()
+        # save user_profile in Redis session
         self.session_context.save_profile_data(company.short_name, user_identifier, user_profile)
 
-        # save this values into Flask session cookie
+        # save a min Flask session cookie for this user
+        self.set_session_for_user(company.short_name, user_identifier)
+
+    def set_session_for_user(self, company_short_name: str, user_identifier:str ):
+        SessionManager.set('company_short_name', company_short_name)
         SessionManager.set('user_identifier', user_identifier)
-        SessionManager.set('company_short_name', company.short_name)
 
     def get_current_session_info(self) -> dict:
         """

{iatoolkit-0.55.3 → iatoolkit-0.56.0}/src/iatoolkit/static/js/chat_feedback.js

@@ -106,7 +106,7 @@ const sendFeedback = async function(message) {
     };
     try {
         // Asumiendo que callLLMAPI está definido globalmente en otro archivo (ej. chat_main.js)
-        const responseData = await callLLMAPI('/feedback', data, "POST");
+        const responseData = await callToolkit('/feedback', data, "POST");
         return responseData;
     } catch (error) {
         console.error("Error al enviar feedback:", error);

{iatoolkit-0.55.3 → iatoolkit-0.56.0}/src/iatoolkit/static/js/chat_history.js

@@ -40,7 +40,7 @@ $(document).ready(function () {
         historyContent.hide();
 
         try {
-            const responseData = await callLLMAPI("/api/history", {}, "POST");
+            const responseData = await callToolkit("/api/history", {}, "POST");
 
             if (responseData && responseData.history) {
                 // Guardar datos globalmente

{iatoolkit-0.55.3 → iatoolkit-0.56.0}/src/iatoolkit/static/js/chat_main.js

@@ -5,6 +5,13 @@ let abortController = null;
 let selectedPrompt = null; // Will hold a lightweight prompt object
 
 $(document).ready(function () {
+    // Gatilla el redeem sin esperar ni manejar respuesta aquí
+        if (window.redeemToken !== '') {
+            const url = `/api/redeem_token`;
+            // No await: dejamos que callToolkit maneje todo internamente
+            callToolkit(url, {'token': window.redeemToken}, "POST").catch(() => {});
+        }
+
     // --- MAIN EVENT HANDLERS ---
     $('#send-button').on('click', handleChatMessage);
     $('#stop-button').on('click', abortCurrentRequest);
@@ -176,7 +183,7 @@ const handleChatMessage = async function () {
             user_identifier: window.user_identifier
         };
 
-        const responseData = await callLLMAPI("/llm_query", data, "POST");
+        const responseData = await callToolkit("/llm_query", data, "POST");
         if (responseData && responseData.answer) {
             const answerSection = $('<div>').addClass('answer-section llm-output').append(responseData.answer);
             displayBotMessage(answerSection);
@@ -292,28 +299,39 @@ function resetSpecificDataInput() {
  * @param {number} timeoutMs - Timeout in milliseconds.
  * @returns {Promise<object|null>} The response data or null on error.
  */
-const callLLMAPI = async function(apiPath, data, method, timeoutMs = 500000) {
+const callToolkit = async function(apiPath, data, method, timeoutMs = 500000) {
     const url = `${window.iatoolkit_base_url}/${window.companyShortName}${apiPath}`;
 
-    const headers = {"Content-Type": "application/json"};
-    if (window.sessionJWT) {
-        headers['X-Chat-Token'] = window.sessionJWT;
-    }
-
     abortController = new AbortController();
     const timeoutId = setTimeout(() => abortController.abort(), timeoutMs);
 
     try {
-        const response = await fetch(url, {
-            method: method,
-            headers: headers,
-            body: JSON.stringify(data),
-            signal: abortController.signal, // Se usa el signal del controlador global
-            credentials: 'include'
-        });
+        const fetchOptions = {
+                method: method,
+                signal: abortController.signal,
+                credentials: 'include'
+            };
+
+        // Solo agrega body si el método lo soporta y hay datos
+        const methodUpper = (method || '').toUpperCase();
+        const canHaveBody = !['GET', 'HEAD'].includes(methodUpper);
+        if (canHaveBody && data !== undefined && data !== null) {
+            fetchOptions.body = JSON.stringify(data);
+            fetchOptions.headers = {"Content-Type": "application/json"};
+
+        }
+        const response = await fetch(url, fetchOptions);
+
         clearTimeout(timeoutId);
 
         if (!response.ok) {
+            if (response.status === 401) {
+                const errorMessage = `Tu sesión ha expirado. `;
+                const errorIcon = '<i class="bi bi-exclamation-triangle"></i>';
+                const infrastructureError = $('<div>').addClass('error-section').html(errorIcon + `<p>${errorMessage}</p>`);
+                displayBotMessage(infrastructureError);
+                return null;
+                }
             try {
                 // Intentamos leer el error como JSON, que es el formato esperado de nuestra API.
                 const errorData = await response.json();
@@ -337,6 +355,14 @@ const callLLMAPI = async function(apiPath, data, method, timeoutMs = 500000) {
         if (error.name === 'AbortError') {
             throw error; // Re-throw to be handled by handleChatMessage
         } else {
+            // Log detallado en consola
+                console.error('Error de red en callToolkit:', {
+                    url,
+                    method,
+                    error,
+                    message: error?.message,
+                    stack: error?.stack,
+                });
             const friendlyMessage = "Ocurrió un error de red. Por favor, inténtalo de nuevo en unos momentos.";
             const errorIcon = '<i class="bi bi-exclamation-triangle"></i>';
             const commError = $('<div>').addClass('error-section').html(errorIcon + `<p>${friendlyMessage}</p>`);

{iatoolkit-0.55.3 → iatoolkit-0.56.0}/src/iatoolkit/templates/chat.html

@@ -111,8 +111,11 @@
                                                data-custom-fields='{{ prompt.custom_fields | tojson  }}'>
                                                 {{ prompt.description }}
                                             </a>
-                                        </li>                                    {% endfor %}
-                                    {% if not loop.last %}<li><hr class="dropdown-divider"></li>{% endif %}
+                                        </li>
+                                    {% endfor %}
+                                    {% if not loop.last %}
+                                        <li><hr class="dropdown-divider"></li>
+                                    {% endif %}
                                 {% endfor %}
                                 {% endif %}
                             </ul>
@@ -180,10 +183,11 @@
     // --- Global Configuration from Backend ---
     window.companyShortName = "{{ company_short_name }}";
     window.user_identifier = "{{ user_identifier }}";
+    window.redeemToken = "{{ redeem_token }}";
     window.iatoolkit_base_url = "{{ iatoolkit_base_url }}";
     window.availablePrompts = {{ prompts.message | tojson }};
-    window.sendButtonColor = "{{ branding.send_button_color }}";
     window.onboardingCards = {{ onboarding_cards | tojson }};
+    window.sendButtonColor = "{{ branding.send_button_color }}";
 </script>
 
 <!-- Carga de los scripts JS externos después de definir las variables globales -->

iatoolkit-0.56.0/src/iatoolkit/templates/login_simulation.html

@@ -0,0 +1,34 @@
+{% extends "base.html" %}
+
+{% block title %}Prueba de Login para {{ company_short_name }}{% endblock %}
+
+{% block content %}
+<div class="container-fluid">
+  <div class="row flex-fill mt-5 justify-content-center">
+    <div class="col-12 col-lg-6">
+      <div class="border rounded p-4 p-md-5 shadow-sm bg-light">
+        <h3 class="text-muted fw-semibold text-start mb-3">
+          Login Externo para <span style="color:#0d6efd;">{{ company_short_name }}</span>
+        </h3>
+        <div class="text-center mb-4">
+          <p class="text-muted widget-intro-text">
+            Este formulario simula el inicio de una sesión externa. Al enviar, serás redirigido a la URL de login final.
+          </p>
+        </div>
+
+        <!-- Formulario HTML estándar que hace un POST a la misma URL -->
+        <form method="POST" action="">
+          <div class="mb-3">
+            <label for="external_user_id" class="form-label d-block">External user ID</label>
+            <input type="text" id="external_user_id" name="external_user_id" class="form-control" required>
+          </div>
+          <button type="submit" class="btn btn-primary">
+            Redirigir a External Login
+          </button>
+        </form>
+      </div>
+    </div>
+  </div>
+</div>
+{% endblock %}
+

{iatoolkit-0.55.3 → iatoolkit-0.56.0}/src/iatoolkit/views/base_login_view.py

@@ -12,6 +12,7 @@ from iatoolkit.services.query_service import QueryService
 from iatoolkit.services.branding_service import BrandingService
 from iatoolkit.services.onboarding_service import OnboardingService
 from iatoolkit.services.prompt_manager_service import PromptService
+from iatoolkit.services.jwt_service import JWTService
 
 
 class BaseLoginView(MethodView):
@@ -22,16 +23,20 @@ class BaseLoginView(MethodView):
     @inject
     def __init__(self,
                  profile_service: ProfileService,
+                 jwt_service: JWTService,
                  branding_service: BrandingService,
                  prompt_service: PromptService,
                  onboarding_service: OnboardingService,
-                 query_service: QueryService):
+                 query_service: QueryService
+                 ):
         self.profile_service = profile_service
+        self.jwt_service = jwt_service
         self.branding_service = branding_service
         self.prompt_service = prompt_service
         self.onboarding_service = onboarding_service
         self.query_service = query_service
 
+
     def _handle_login_path(self, company_short_name: str, user_identifier: str, company):
         """
         Centralized logic to decide between the fast path and the slow path.
@@ -43,13 +48,33 @@ class BaseLoginView(MethodView):
         prep_result = self.query_service.prepare_context(
             company_short_name=company_short_name, user_identifier=user_identifier
         )
+
+        # generate continuation token for external login
+        redeem_token = ''
+        if self.__class__.__name__ == 'ExternalLoginView':
+            redeem_token = self.jwt_service.generate_chat_jwt(
+                company_short_name=company_short_name,
+                user_identifier=user_identifier,
+                expires_delta_seconds=300
+            )
+
+            if not redeem_token:
+                return "Error al generar el redeem_token para login externo.", 500
+
         if prep_result.get('rebuild_needed'):
             # --- SLOW PATH: Render the loading shell ---
             onboarding_cards = self.onboarding_service.get_onboarding_cards(company)
 
             # callback url to call when the context finish loading
-            target_url = url_for('finalize_context_load', company_short_name=company_short_name, _external=True)
-
+            if redeem_token:
+                target_url = url_for('finalize_with_token',
+                                     company_short_name=company_short_name,
+                                     token=redeem_token,
+                                     _external=True)
+            else:
+                target_url = url_for('finalize_no_token',
+                                     company_short_name=company_short_name,
+                                     _external=True)
             return render_template(
                 "onboarding_shell.html",
                 iframe_src_url=target_url,
@@ -62,7 +87,10 @@ class BaseLoginView(MethodView):
             onboarding_cards = self.onboarding_service.get_onboarding_cards(company)
             return render_template(
                 "chat.html",
+                company_short_name=company_short_name,
+                user_identifier=user_identifier,
                 branding=branding_data,
                 prompts=prompts,
-                onboarding_cards=onboarding_cards
+                onboarding_cards=onboarding_cards,
+                redeem_token=redeem_token
             )