AS-centric AS - session management usage

Use Case Scenario

This scenario is not meant to be realistic; it only demonstrates some of the capabilities of the session management functionality.

In this example, the following sequence of steps is used:

  1. Client retrieves the current session.
  2. Client retrieves all sessions.
  3. Client logs out a specific session, but not the current one.
  4. Client retrieves all sessions - the logged-out session is no longer on the list.

Step 1: Client retrieves current session

To retrieve the current session, the client must supply a valid access token as a bearer token.

Get Current Session Request

GET https://oidc.airlock.com/auth-login/rest/oauth2/authorization-servers/myAS/session/
Authorization: Bearer eyJraWQ...RNLJs9_3-Vw

In response, the authorization server will respond with the attributes of the current session.

Get Current Session Response

200 OK
{
    "meta": {
        "type": "jsonapi.metadata.document",
        "timestamp": "2020-09-07T14:07:54.086Z"
    },
    "data": {
        "type": "oauth2-session",
        "id": "kQBhsGhsBfrhUx8t8jBKLfobSZyK4bDA6wTddCRc",
        "attributes": {
            "customAttributes": {},
            "clientId": "oidc-client",
            "consentTimestamp": "2020-09-07T13:43:54.139Z",
            "authenticationTimestamp": "2020-09-07T13:43:22.890Z"
        }
    }
}

Step 2: Client retrieves all sessions

To retrieve all sessions, the client must supply a valid access token as a bearer token.

Get ALL Sessions Request

GET https://oidc.airlock.com/auth-login/rest/oauth2/authorization-servers/myAS/sessions/
Authorization: Bearer eyJraWQ...RNLJs9_3-Vw

The above request uses the "sessions" endpoint instead of the "session" endpoint used in step 1.

In response, the authorization server will respond with the attributes of all sessions associated with this user.

Get ALL Sessions Response

200 OK
{
    "meta": {
        "type": "jsonapi.metadata.document",
        "timestamp": "2020-09-07T14:01:36.958Z"
    },
    "data": [
        {
            "type": "oauth2-session",
            "id": "qk2aBBxYXVsQFUEiM7ts95Sq9sm8DkqyNzoxeypt",
            "attributes": {
                "customAttributes": {},
                "clientId": "oidc-client",
                "consentTimestamp": "2020-09-07T12:00:12.086Z",
                "authenticationTimestamp": "2020-09-07T11:59:46.759Z"
            }
        },
        {
            "type": "oauth2-session",
            "id": "2zfpD9SkBQ6ZmSVx6pyfrqPKew2obTYG8wfeFSXz",
            "attributes": {
                "customAttributes": {},
                "clientId": "oidc-client",
                "consentTimestamp": "2020-09-07T07:01:32.693Z",
                "authenticationTimestamp": "2020-09-07T06:59:54.445Z"
            }
        },
        {
            "type": "oauth2-session",
            "id": "uTAGooeGbRPuMDY7knTdnBKdmaF9n4th3DboL91T",
            "attributes": {
                "customAttributes": {},
                "clientId": "0a6b3f94-f872-4399-850c-072cd58ee7e9",
                "consentTimestamp": "2020-09-07T08:59:32.066Z",
                "authenticationTimestamp": "2020-09-07T08:50:00.686Z"
            }
        },
        {
            "type": "oauth2-session",
            "id": "kQBhsGhsBfrhUx8t8jBKLfobSZyK4bDA6wTddCRc",
            "attributes": {
                "customAttributes": {},
                "clientId": "oidc-client",
                "consentTimestamp": "2020-09-07T13:43:54.139Z",
                "authenticationTimestamp": "2020-09-07T13:43:22.890Z"
            }
        }
    ]
}

Step 3: Logout a specific session

To log out a specific session, the client sends a DELETE request for that session's id (taken from the list in step 2), again supplying a valid access token as a bearer token.

Logout Session Request

DELETE https://oidc.airlock.com/auth-login/rest/oauth2/authorization-servers/myAS/sessions/qk2aBBxYXVsQFUEiM7ts95Sq9sm8DkqyNzoxeypt/
Authorization: Bearer eyJraWQ...RNLJs9_3-Vw

The authorization server confirms the logout with an empty 204 response; no session attributes are returned.

Logout Session Response

204 No Content

Step 4: Client retrieves all sessions

Step 4 is identical to step 2, but only three sessions are returned: the session deleted in step 3 is no longer on the list.
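The four steps above as a small client, added here as an example and not Airlock's own code. It uses the three endpoints shown on this page; the BASE URL and token are placeholders, and the HTTP transport is injectable so the flow can be exercised offline against the constructed FakeTransport, which is seeded with the session ids from the responses above. The client revokes every session except the one that presented the token, and only ever places ids the server itself returned into a URL.

```python
# Added example, not Airlock's own code: BASE, the token and FakeTransport are constructed placeholders.
import json
import urllib.request

BASE = "https://oidc.airlock.com/auth-login/rest/oauth2/authorization-servers/myAS"

def http_transport(method, url, token):
    """Real transport: bearer-authenticated request, returns (status, JSON body or None)."""
    req = urllib.request.Request(url, method=method, headers={"Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req) as resp:
        body = resp.read()
        return resp.status, (json.loads(body) if body else None)

def call(transport, token, method, path, expect):
    # Fail loudly on any status other than the one the endpoint is documented to return.
    status, doc = transport(method, BASE + path, token)
    if status != expect:
        raise RuntimeError(f"{method} {path} returned {status}, expected {expect}")
    return doc

def get_current_session(transport, token):           # step 1: GET .../session/
    return call(transport, token, "GET", "/session/", 200)["data"]
def get_all_sessions(transport, token):              # steps 2 and 4: GET .../sessions/
    return call(transport, token, "GET", "/sessions/", 200)["data"]
def logout_session(transport, token, session_id):    # step 3: DELETE, 204 carries no body
    call(transport, token, "DELETE", f"/sessions/{session_id}/", 204)

def logout_other_sessions(transport, token):
    """Revoke every session of the user except the one presenting the token.
    Only ids the server itself returned in the listing are ever placed in a URL."""
    current_id = get_current_session(transport, token)["id"]
    revoked = [s["id"] for s in get_all_sessions(transport, token) if s["id"] != current_id]
    for sid in revoked:
        logout_session(transport, token, sid)
    return current_id, revoked, [s["id"] for s in get_all_sessions(transport, token)]

class FakeTransport:
    """Constructed offline stand-in for the authorization server's session store."""
    def __init__(self, current_id, session_ids):
        self.current_id, self.ids = current_id, list(session_ids)
    def __call__(self, method, url, token):
        path = url[len(BASE):]
        if (method, path) == ("GET", "/session/"):
            return 200, {"data": {"type": "oauth2-session", "id": self.current_id}}
        if (method, path) == ("GET", "/sessions/"):
            return 200, {"data": [{"type": "oauth2-session", "id": i} for i in self.ids]}
        if method == "DELETE" and path.startswith("/sessions/"):
            sid = path[len("/sessions/"):].rstrip("/")
            if sid in self.ids:
                self.ids.remove(sid)
                return 204, None
        return 404, None
```

Against a live authorization server, pass `http_transport` instead of a `FakeTransport` instance together with a real access token.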