Reputation: 3
Can I use the Java SDK for the Okta API to check for the existence of an Okta Session created by a user sign-on?
I am working on putting an internal Java web application behind Okta for authentication. In order to do this I want to use API calls to check for a current Okta Session.
The Session API provides methods for validating a session via a sessionToken. However, this means that the Session must also be created within the application by calling the Authentication API and then using the Session API to create a session and receive said sessionToken.
I would like to check for a current session that was created by a user signing into Okta prior to visiting the custom application. Then, I would check if the status of the Session is ACTIVE. I could then redirect them to the correct area of my application. Otherwise, if the status was not ACTIVE, I would redirect them to my company's Okta sign-in page.
Is there a way to leverage the API to check the status of an existing Okta Session that was created by an Okta sign-on (not by a previous Session API call)?
Thanks for your help!
Upvotes: 0
Views: 820
Answers (1)
Reputation: 1
Yes you can achieve this by using the /sessions/me API in a cookie-compliant client (such as a browser).
You can look at how I perform that check to display the Okta sign in widget in my code sample available at https://github.com/rlondner/okta-oidc-spa-authjs-siw.
I hope this helps!
Upvotes: 0
Related Questions
- Get token from OKTA API - Java (plain) example
- Okta API - authn always returns Invalid Session
- Is it ok to use Okta Authentication API to authenticate users connecting to a server?
- Single Sign On with Okta session
- Okta Secure Web Authentication Session Id
- How to generate Okta access token programmatically?
- OKTA token for API access
- OKTA Session Id Retrieval
- Can you use Okta REST API to login a user and get SAML2 response back
- Invalid session when trying to create a session in OKTA