How to Create SID (session id)

I have the following use case and would like to create my own session id. Can someone give directions?

Step 1. Once the user enters userid and password, I call the below Okta REST API from a microservice:
/api/v1/authn

Step 2. I get a 200 (success) status code and a SessionToken from the above call

Step 3. I need to make the below call to create a Session Id (SID)

https://${yourOktaDomain}/oauth2/v1/authorize?
client_id={clientId}&
response_type=id_token&
scope=openid&
prompt=none&
redirect_uri=https%3A%2F%2Fyour-app.example.com&
state=Af0ifjslDkj&
nonce=n-0S6_WzA2Mj&
sessionToken=0HsohZYpJgMSHwmL9TQy7RRzuY

My question is how to populate the following parameter values for the above Okta API call?
state
nonce

Thanks in advance.

Hi @lkeerthi,

You’re in the right direction.
The state and nonce values should be filled by the client, and these can be any value that you need.
Generally, clients generate a random value for each invocation and call the /authorize endpoint.
As to why we need the state and nonce values, read this - https://stackoverflow.com/questions/46844285/difference-between-oauth-2-0-state-and-openid-nonce-parameter-why-state-cou

At a high level, the state value protects against CSRF attacks against the client, while the nonce protects against replay attacks.
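
The per-request state and nonce handling described in the answer above, shown as an added example that is not part of the original thread and is not Okta's code. The function names, the `session` dict (standing in for the user's server-side session) and its `oidc_state` / `oidc_nonce` keys are assumptions made for illustration.

```python
import hmac
import secrets
from urllib.parse import urlencode


def begin_authorize(session, okta_domain, client_id, redirect_uri, session_token):
    """Generate fresh state/nonce, remember them in this user's server-side
    session, and return the /authorize URL to send the browser to."""
    # 32 bytes from the OS CSPRNG: unguessable and new for every invocation.
    session["oidc_state"] = secrets.token_urlsafe(32)
    session["oidc_nonce"] = secrets.token_urlsafe(32)
    query = urlencode({
        "client_id": client_id,
        "response_type": "id_token",
        "scope": "openid",
        "prompt": "none",
        "redirect_uri": redirect_uri,
        "state": session["oidc_state"],
        "nonce": session["oidc_nonce"],
        "sessionToken": session_token,
    })
    return f"https://{okta_domain}/oauth2/v1/authorize?{query}"


def _same(expected, received):
    # Constant-time comparison; bytes so non-ASCII input cannot raise.
    return hmac.compare_digest(expected.encode(), str(received or "").encode())


def finish_authorize(session, returned_state, id_token_claims):
    """Check the redirect back from Okta. id_token_claims must come from an
    ID token whose signature, issuer and audience were already validated."""
    # pop() makes both values single use, so a replayed callback fails.
    state = session.pop("oidc_state", None)
    nonce = session.pop("oidc_nonce", None)
    if not state or not nonce:
        return False
    state_ok = _same(state, returned_state)                # CSRF check
    nonce_ok = _same(nonce, id_token_claims.get("nonce"))  # replay check
    return state_ok and nonce_ok
```

Storing both values in the user's own session, rather than in a store shared across users, is what ties the callback to the browser that started the flow.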

Thanks for the review and response, @vijet.
Just one side question in this context: is there any API available to get the Session Id (SID) without redirection? Just request and response, so that I can create the Session Id cookie myself.
Thanks in advance.

Hi @lkeerthi,

You can use the Sessions API to set the session cookie yourself.
Take a look at this - https://developer.okta.com/docs/reference/api/sessions/#create-session-with-session-token
At a high level, you pass this endpoint the sessionToken you’ve obtained, and it’ll return you a session object.

Hope this helps. Good luck!

Thank you for the right pointers, @vijet. Yes, this is exactly what I'm looking for for my use case.
Thank you again.

@vijet - I'm able to get a session object based on the /api/v1/sessions API call.
Now I need to create an Okta SSO cookie based on this session object. Can you suggest steps for that? Our platform uses another application which uses Okta SSO.
Thanks in advance.