How to retrieve Session information based on SessionId using Python

I’m using /api/v1/sessions/me in the browser to get the active session of the user. Here I get the userID and SessionID. I’m passing the same to my Python backend, where I need to verify whether any session is active for the same user with the UserID and SessionID received from the frontend.

I have tried /api/v1/sessions/{sessionID} but this API returns the below error every time.
{
"errorCode": "E0000005",
"errorSummary": "Invalid session",
"errorLink": "E0000005",
"errorId": "oae3OEdOw8GRROwdNRbxxIGtQ",
"errorCauses":
}

Is there a way to check whether the user is logged in and the session is active for a given session ID?

How are you authorizing the call from your Python backend? Are you including an Authorization header? That “Invalid session” error usually means that there aren’t sufficient admin permissions in the authorization for the call.

@andrea
This is how I’m trying to get a session with the API key in the header. I have generated an API key from the OKTA Dashboard.

import requests

url = "https://<sub_domain>.okta.com/api/v1/sessions/<session_id>"

payload={}
headers = {
  'Authorization': 'SSWS <api_key>'
}

response = requests.request("GET", url, headers=headers, data=payload)

print(response.text)

I created the API key using Super Admin credentials, so I believe the API key also has Super Admin rights.

That looks right. Have you tried making the same request in Postman/curl? Attaching my own request for reference.

Thanks for taking a look at this. I have tried something and still no luck.

curl --location --request GET 'https://mydomain.okta.com/api/v1/sessions/idxL8iyWYcJRFa-dLroWVsYxA' \
--header 'Authorization: SSWS <my_token>'

Error

{
    "errorCode": "E0000007",
    "errorSummary": "Not found: Resource not found: idxL8iyWYcJRFa-dLroWVsYxA (AppSession)",
    "errorLink": "E0000007",
    "errorId": "oaen_M_-1o9RAuPydBPQ2uNbA",
    "errorCauses": []
}

I do check does session exists. using

hmmm… I don’t see anything wrong with your request, especially if a GET to /sessions/me works in the browser while user is logged in. The okta domain is definitely the same in both URLs?

@andrea

The okta domain is definitely the same in both URLs?

Yes, both of the requests have the same OKTA domain.

Then I’m not sure why this isn’t working for you. If you use our Sessions Postman Collection instead of Python Requests, does it work?

@andrea

Still no luck, it’s not working with OKTA’s Postman collection as well. :(

Ah! It looks like you’re on an Org using Identity Engine, and per our FAQ over here, /sessions/${sessionId} is not supported for idx user sessions: Understand how sessions work after the upgrade to Okta Identity Engine | Okta Developer.

Maybe we can find you an alternate solution. What kind of information are you looking to get back from Okta on your Python backend?
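
Added example, not part of the thread and not Okta's code: a fail-closed wrapper around the session lookup discussed above, which skips the call for `idx` session IDs and binds the returned session to the user ID the frontend sent. The `fetch` callable, the sample IDs and responses, and the assumption that Identity Engine session IDs start with `idx` (as the one in the thread does) are assumptions of this example.

```python
import json

# Assumption: Identity Engine session IDs carry the "idx" prefix seen in the thread.
IDX_PREFIX = "idx"

def verify_session(fetch, session_id, expected_user_id):
    """Fail-closed check of a browser-supplied session ID.

    fetch(session_id) -> (http_status, response_text) is a hypothetical
    callable wrapping GET /api/v1/sessions/{id} with the SSWS header.
    Returns (ok, reason); ok is True only for an ACTIVE session of that user.
    """
    if not session_id:
        return False, "missing_session_id"
    if session_id.startswith(IDX_PREFIX):
        # The endpoint does not serve idx sessions, so do not call it.
        return False, "unsupported_idx_session"
    status, text = fetch(session_id)
    try:
        body = json.loads(text)
    except ValueError:
        return False, "unparseable_response"
    if not isinstance(body, dict):
        return False, "unparseable_response"
    if status != 200:
        # Surface Okta's errorCode (e.g. E0000007) instead of guessing.
        return False, body.get("errorCode", "http_%d" % status)
    if body.get("id") != session_id or body.get("status") != "ACTIVE":
        return False, "not_active"
    if body.get("userId") != expected_user_id:
        # Never trust the user ID sent by the browser on its own.
        return False, "user_mismatch"
    return True, "active"

# Constructed sample responses (IDs are made up; the error body follows the thread).
SAMPLE = {
    "102abcEXAMPLE": (200, json.dumps(
        {"id": "102abcEXAMPLE", "userId": "00uEXAMPLE1", "status": "ACTIVE"})),
}
NOT_FOUND = (404, json.dumps({"errorCode": "E0000007", "errorCauses": []}))

def fake_fetch(session_id):
    """Offline stand-in for the HTTP call, backed by SAMPLE."""
    return SAMPLE.get(session_id, NOT_FOUND)

if __name__ == "__main__":
    for sid, uid in [("102abcEXAMPLE", "00uEXAMPLE1"), ("102abcEXAMPLE", "00uOTHER"),
                     ("idxL8iyWYcJRFa-dLroWVsYxA", "00uEXAMPLE1"), ("102gone", "00uEXAMPLE1")]:
        print(sid, verify_session(fake_fetch, sid, uid))
```
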

@andrea
Here is what I’m trying to achieve with OKTA.

I’m using Python 3.8 and FAST API, where I need OKTA SAML to be configured to protect some of my REST API endpoints.

Our Requirements.

  1. Let user configure their SSO config with our system.
  2. Based on their SSO config we will redirect the user to the OKTA login screen.
  3. Users will provide their login details on the OKTA login screen, and on successful login the user will get redirected to the callback URL configured on the OKTA app.
  4. Digest OKTA response from login success redirection.
  5. Let the user log in and access our rest API.
  6. Here we expect users to be logged in in the client’s browser, and the same should be reflected in the Fast API back-end as well.

What we are expecting from OKTA.

  1. Do we have any open source git project or library which can demonstrate how the Okta SAML login flow can be integrated with Python3 and FAST API?
  2. Documentation which shows step by step instructions to set up everything.
  3. Your suggestion for our requirements.