Okta-Hosted flow, how to use Sessions API?

Hi, I wanted to know if there’s any way to consume these endpoints from a middleware application secured through a hosted flow:

https://developer.okta.com/docs/reference/api/sessions/#get-current-session
https://developer.okta.com/docs/reference/api/sessions/#refresh-current-session

We have a scenario where we need to go through this middleware to check if the Okta session is alive and then extend it (at the authentication server level).
If I understood the documentation properly, we need a session token to get a session cookie that would allow us to consume these endpoints, but I can’t find a way to get the session token in the first place.
Thanks a lot in advance!

Hi Pakun,

When you log in to Okta, a session cookie is set in the browser. You can test this by logging into your Okta org and then pasting https://${yourOktaDomain}/api/v1/sessions/me in the address bar.

This article explains how to retrieve a session token using the /authn endpoint and exchanging that session token for a session cookie:
https://developer.okta.com/docs/guides/session-cookie/overview/#retrieving-a-session-cookie-via-openid-connect-authorization-endpoint


Hi Warren,

Thank you very much for helping me, I’m able to consume this endpoint without problems:
https://${yourOktaDomain}/api/v1/sessions/me

but I’m getting this when trying to consume this one:

https://${yourOktaDomain}/api/v1/sessions/me/lifecycle/refresh

{"errorCode":"E0000022","errorSummary":"The endpoint does not support the provided HTTP method","errorLink":"E0000022","errorId":"oaeetCrG8IgSBKyBHQcw4whTQ","errorCauses

Never mind, checking the session status is also extending it, so there’s no need to call the refresh endpoint. Now my question is: is there any way to check if the session is alive without extending it?

Thank you for your help and your patience
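The middleware step discussed in this thread (relay the browser's Okta session cookie, call the session endpoints, decide whether the session is still alive), as an added example that is not code from the thread or from Okta. It assumes the Okta session cookie is named `sid` and that the refresh endpoint expects POST (the E0000022 error above is what a GET on it returns); the response body below is constructed.

```python
import json
from datetime import datetime
from http.cookies import SimpleCookie

# Assumed name of the Okta session cookie; confirm against your own org.
SESSION_COOKIE = "sid"

# Constructed response body in the shape of GET /api/v1/sessions/me
# (only the fields this check uses are meaningful).
SAMPLE_RESPONSE = json.dumps({
    "id": "SESSION_ID_PLACEHOLDER",
    "status": "ACTIVE",
    "expiresAt": "2024-01-01T12:00:00.000Z",
})


def forward_session_cookie(incoming_cookie_header: str) -> dict:
    """Pick only the Okta session cookie out of the browser's Cookie header,
    so the middleware relays nothing else to the Okta API."""
    jar = SimpleCookie()
    jar.load(incoming_cookie_header)
    if SESSION_COOKIE not in jar:
        return {}
    return {SESSION_COOKIE: jar[SESSION_COOKIE].value}


def session_request(okta_domain: str, extend: bool) -> dict:
    """Describe the outbound call. GET /sessions/me reads the session (and, as
    noted in the thread, extends it as a side effect); the explicit extend is
    POST /sessions/me/lifecycle/refresh (assumed method; a GET yields E0000022)."""
    base = f"https://{okta_domain}/api/v1/sessions/me"
    if extend:
        return {"method": "POST", "url": base + "/lifecycle/refresh"}
    return {"method": "GET", "url": base}


def evaluate_session(body: str, now_iso: str) -> tuple:
    """Return (alive, seconds_left) from a /sessions/me response body.
    A non-ACTIVE status or a past expiresAt means the session is not usable."""
    data = json.loads(body)
    if data.get("status") != "ACTIVE":
        return False, 0
    # Okta timestamps end in 'Z'; fromisoformat needs an explicit offset.
    expires = datetime.fromisoformat(data["expiresAt"].replace("Z", "+00:00"))
    now = datetime.fromisoformat(now_iso.replace("Z", "+00:00"))
    left = int((expires - now).total_seconds())
    return left > 0, max(left, 0)
```

Treat a `401` from Okta the same way as a non-ACTIVE body: the cookie is gone or expired, and the user must sign in again.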

Hi @Pakun

You can do an initial request on /api/v1/sessions/me when the user authenticates, or leverage the session management under Admin >> Security >> Authentication >> Sign On >> the policy the user falls under >> the rule the user falls under. If you are using the Developer Console interface, you can switch to the Classic UI by hovering over the text in the top left corner inside the administrative console.
