I have following use case and would like to create my own session id, can someone give directions
Step 1. Once user enters userid, password i call below okta rest api from a microservice/api/v1/authn
Step 2. I get 200 (success) status code and SessionToken from above call
Step 3. I need to make a below call to create Session Id (SID)
https://${yourOktaDomain}/oauth2/v1/authorize?
client_id={clientId}&
response_type=id_token&
scope=openid&
prompt=none&
redirect_uri=https%3A%2F%2Fyour-app.example.com&
state=Af0ifjslDkj&
nonce=n-0S6_WzA2Mj&
sessionToken=0HsohZYpJgMSHwmL9TQy7RRzuY
My question is how to populate following parameter values for above okta api call ?state nonce
Thanks in advance.
vijet
August 18, 2020, 10:38pm
2
Hi @lkeerthi ,
You’re in the right direction.random value for each invocation and call the /authorize endpoint.https://stackoverflow.com/questions/46844285/difference-between-oauth-2-0-state-and-openid-nonce-parameter-why-state-cou
At a high level, state value protects against CSRF attacks to the client, while nonce protects against replay attack.
Thanks for review and response @vijet .
vijet
August 19, 2020, 5:00am
4
Hi @lkeerthi ,
You can use the Sessions API to set the session cookie yourself.https://developer.okta.com/docs/reference/api/sessions/#create-session-with-session-token
Hope this helps. Good luck!
Thank you for right pointers @vijet . Yes, this what exactly i’m looking for for my use case.
1 Like
@vijet -I’m able to get session object based on /api/v1/sessions api call.
system
January 24, 2024, 11:57pm
7
This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.