I’m receiving the response: “errorSummary”: “Not found: Resource not found: me (Session)”, “errorCode”: “E0000007”, when querying the /api/v1/sessions/me endpoint.
Following this documentation: Sessions | Okta Developer
My header “Cookie” is a cookieToken I received from the endpoint: /api/v1/sessions?additionalFields=cookieToken
Additionally, when using the signin widget, I am unable to retrieve the current session details via the authClient (supposed to be okta-auth object):
```javascript
var oktaSignIn = new OktaSignIn({
  baseUrl: orgUrl,
});
oktaSignIn.renderEl(
  { el: '#okta-login-container' },
  function (res) {
    console.log(res)
    if (res.status === 'SUCCESS') {
      // Ask the auth client for the current Okta session
      oktaSignIn.authClient.session.get()
        .then(function(session) {
          console.log(session)
        })
        .catch(function(err) {
          console.log(err)
        });
    }
  }
);
```
The above code results in a 404 response from https://blend360.okta.com/api/v1/sessions/me
What gives?
Can you do a quick check to confirm that your Okta session cookie is being generated?
- Log in with your Okta URL
- Open a new tab (in the same browser window) and paste the URL https://{yourOrgUrl}/api/v1/sessions/me (with your org info) in the address bar
- If you see a user response then it’s working. If you see a Resource not found error then check if third-party cookies are being blocked in your browser.
For your widget code, are you using an OIDC flow? If not, then you need to use res.session.setCookieAndRedirect(url) to generate a session cookie first (which will perform a redirect). You’ll want to move the session.get() code outside of the if statement.
https://developer.okta.com/docs/guides/session-cookie/overview/#retrieving-a-session-cookie-by-visiting-a-session-redirect-link
I see, so the sign in from the widget is just an auth, it doesn’t set the session cookie. Maybe someone can help me think through this concept then:
I am trying to log in users programmatically into Okta in my Next.JS app that contains pages with iframe embeds from an SSO SAML app integrated to Okta.
- In my application, I built a login form and submit the login credentials to my own API which submits the credentials to the api/v1/authn endpoint.
- I return the sessionToken to the application and set the location.href in the browser to {{org URL}}/login/setCookieRedirect with the sessionToken and redirect URL (welcome page) as query params.
This all works great, and signs the user into Okta and my SAML app, but I can’t get the active sessionId to hit any of the Session API endpoints. I want to refresh sessions as users continue to interact with the application so they don’t hit a wall when the session expires, but I can’t do that without the session ID.
Hitting the sessions/me endpoint from my app does not return the user’s session.
How can I refresh the user’s Okta dashboard session without having the session ID?
You can use the /api/v1/sessions/me/lifecycle/refresh endpoint if you have a frontend (javascript).
https://developer.okta.com/docs/reference/api/sessions/#refresh-current-session
You’ll want to set withCredentials or credentials to true so that the request is made with the session cookie from the browser.
THANK YOU! This is mentioned nowhere in the documentation.
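The refresh call suggested above, as an added example that is not code from any poster in this thread: it sends the request with fetch's `credentials: 'include'` so the browser attaches the Okta session cookie, and it only refreshes while the user has been active, so an idle tab still lets the session expire. The function names, interval and idle limit are hypothetical, and it assumes the app's origin is allowed for CORS in the Okta org.

```javascript
// Added example, not code from the thread. Function names are hypothetical.
const REFRESH_PATH = '/api/v1/sessions/me/lifecycle/refresh';

// POST to the refresh endpoint. credentials: 'include' makes the browser attach
// the Okta session cookie on this cross-origin request. If no session cookie
// arrives, Okta answers 404 (E0000007), the error reported in this thread.
async function refreshOktaSession(orgUrl, fetchImpl = globalThis.fetch) {
  const res = await fetchImpl(orgUrl + REFRESH_PATH, {
    method: 'POST',
    credentials: 'include',
    headers: { Accept: 'application/json' },
  });
  if (res.status === 404) return { active: false, expiresAt: null };
  if (!res.ok) throw new Error('Session refresh failed: HTTP ' + res.status);
  const session = await res.json();
  return { active: true, expiresAt: new Date(session.expiresAt) };
}

// Refresh only when the user interacted recently, so an unattended browser
// still reaches the session timeout instead of being kept alive forever.
function shouldRefresh(lastActivityMs, nowMs, idleLimitMs) {
  return nowMs - lastActivityMs <= idleLimitMs;
}

// Browser wiring. intervalMs and idleLimitMs are assumed values; keep them
// below the session lifetime configured in the org's sign-on policy.
function startKeepAlive(orgUrl, opts = {}) {
  const { intervalMs = 5 * 60e3, idleLimitMs = 5 * 60e3, onExpired } = opts;
  let lastActivity = Date.now();
  const touch = () => { lastActivity = Date.now(); };
  ['click', 'keydown'].forEach((ev) => window.addEventListener(ev, touch));
  return setInterval(async () => {
    if (!shouldRefresh(lastActivity, Date.now(), idleLimitMs)) return;
    try {
      const { active } = await refreshOktaSession(orgUrl);
      if (!active && onExpired) onExpired(); // e.g. send the user to login
    } catch (err) {
      console.warn(err.message);
    }
  }, intervalMs);
}
```

The interval handle returned by `startKeepAlive` can be passed to `clearInterval` on logout.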