I’m working on rewriting an existing backend Java Okta integration using the okta-auth-java lib. Our previous integration was interfacing with the HTTP API directly and we’d like to clean that up with the SDK. The application uses step-up authentication. After authenticating and verifying any required factors, I get a SUCCESS response, but it has a null sessionToken. It instead has a next link that, when visited, will set an “sid” cookie and redirect back to our application.
Unfortunately, our app validates the session on all subsequent requests after successful login in a custom manner and uses a custom cookie rather than sid to do so. During initial authentication, our current backend code actually makes a GET request to the next link and parses the Set-Cookie headers to grab the session id and then sets the aforementioned custom cookie instead. To reduce the risk of the changes I’m making, if possible, I’d like to maintain the current custom cookie behavior, but would like to avoid having to parse the Set-Cookie header. Ideally, I’d like to get a sessionToken back from the API and then create the session via the Sessions API. Is this possible?
Any help or suggestions would be much appreciated.