/api/v1/sessions/me is not found

I’m receiving the response: “errorSummary”: “Not found: Resource not found: me (Session)”, “errorCode”: “E0000007”, when querying the /api/v1/sessions/me endpoint.

Following this documentation: Sessions | Okta Developer

My header “Cookie” is a cookieToken I received from the endpoint: /api/v1/sessions?additionalFields=cookieToken

Additionally, when using the signin widget, I am unable to retrieve the current session details via the authClient (supposed to be okta-auth object):

      var oktaSignIn = new OktaSignIn({
        baseUrl: orgUrl,
      });

      oktaSignIn.renderEl(
        { el: '#okta-login-container' },
        function (res) {
          console.log(res);
          if (res.status === 'SUCCESS') {
            // Ask Okta for the current session (GET /api/v1/sessions/me)
            oktaSignIn.authClient.session.get()
              .then(function (session) {
                console.log(session);
              })
              .catch(function (err) {
                console.log(err);
              });
          }
        }
      );

The above code results in a 404 response from https://blend360.okta.com/api/v1/sessions/me

What gives?

Can you do a quick check to confirm that your Okta session cookie is being generated?

  1. Log in with your Okta URL
  2. Open a new tab (in the same browser window) and paste the URL https://{yourOrgUrl}/api/v1/sessions/me (with your org info) in the address bar
  3. If you see a user response then it’s working. If you see a Resource not found error then check if third-party cookies are being blocked in your browser.

For your widget code, are you using an OIDC flow? If not, then you need to use res.session.setCookieAndRedirect(url) to generate a session cookie first (which will perform a redirect). You’ll want to move the session.get() code outside of the if statement.

https://developer.okta.com/docs/guides/session-cookie/overview/#retrieving-a-session-cookie-by-visiting-a-session-redirect-link

1 Like

I see, so the sign in from the widget is just an auth, it doesn’t set the session cookie. Maybe someone can help me think through this concept then:

I am trying to log in users programmatically into Okta in my Next.js app that contains pages with iframe embeds from an SSO SAML app integrated to Okta.

  1. In my application, I built a login form and submit the login credentials to my own API which submits the credentials to the api/v1/authn endpoint.
  2. I return the sessionToken to the application and set the location.href in the browser to {{org URL}}/login/setCookieRedirect with the sessionToken and redirect URL (welcome page) as query params.

This all works great, and signs the user into Okta and my SAML app, but I can’t get the active sessionId to hit any of the Session API endpoints. I want to refresh sessions as users continue to interact with the application so they don’t hit a wall when the session expires, but I can’t do that without the session ID.

Hitting the sessions/me endpoint from my app does not return the user’s session.

How can I refresh the user’s Okta dashboard session without having the session ID?

You can use the /api/v1/sessions/me/lifecycle/refresh endpoint if you have a frontend (JavaScript).
https://developer.okta.com/docs/reference/api/sessions/#refresh-current-session

You’ll want to set withCredentials or credentials to true so that the request is made with the session cookie from the browser.

3 Likes
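The refresh call described in the reply above, as an added example that is not part of the original thread or Okta's own code. `ORG_URL`, the function names and the 80% refresh fraction are assumptions, and it assumes the app's origin is allowed for CORS on the Okta org and that the browser is not blocking the Okta session cookie as a third-party cookie.

```javascript
// Added example, not from the thread. ORG_URL is a placeholder for your Okta org.
const ORG_URL = 'https://your-org.example.com';

// Build the "refresh current session" request. No session ID or API token is
// sent: Okta identifies the session from the browser's session cookie.
function buildRefreshRequest(orgUrl) {
  return {
    url: orgUrl.replace(/\/+$/, '') + '/api/v1/sessions/me/lifecycle/refresh',
    init: {
      method: 'POST',
      credentials: 'include', // fetch's equivalent of XHR's withCredentials = true
      headers: { Accept: 'application/json' },
    },
  };
}

// Turn the HTTP result into something the app can act on.
function interpretRefresh(status, body) {
  if (status === 200) return { active: true, expiresAt: body.expiresAt };
  // 404 on /sessions/me means no session was found for this request:
  // cookie never set, cookie blocked, or session already expired.
  if (status === 404) return { active: false, reason: 'no-active-session' };
  return { active: false, reason: 'http-' + status };
}

// fetchImpl is injectable so the function can be exercised without a network.
async function refreshOktaSession(orgUrl, fetchImpl = fetch) {
  const { url, init } = buildRefreshRequest(orgUrl);
  const res = await fetchImpl(url, init);
  const body = res.status === 200 ? await res.json() : null;
  return interpretRefresh(res.status, body);
}

// Milliseconds to wait before the next refresh: a fraction of the remaining
// session lifetime, so the call lands before expiresAt rather than after it.
function nextRefreshDelay(expiresAt, now = Date.now(), fraction = 0.8) {
  const remaining = Date.parse(expiresAt) - now;
  return remaining > 0 ? Math.floor(remaining * fraction) : 0;
}
```

When the result is `active: false`, send the user back through the login flow instead of retrying the refresh.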

THANK YOU! This is mentioned nowhere in the documentation.
