Session management usage
Use Case Scenario
This use case is not meant to reflect a real-world deployment. It only demonstrates some of the capabilities of the session management functionality.
In this example, the following sequence of steps will be used:
- Client retrieves current session.
- Client retrieves all sessions.
- Client logs out a specific session, but not the current one.
- Client retrieves all sessions – the logged-out session is no longer on the list.
Step 1 – Client retrieves current session
To retrieve the current session, the client must supply a valid access token as a bearer token:
Get Current Session Request
GET https://oidc.airlock.com/auth-login/rest/oauth2/authorization-servers/myAS/session/
Authorization: Bearer eyJraWQ...RNLJs9_3-Vw
The authorization server responds with the attributes of the current session:
Get Current Session Response
200 OK
{
  "meta": {
    "type": "jsonapi.metadata.document",
    "timestamp": "2020-09-07T14:07:54.086Z"
  },
  "data": {
    "type": "oauth2-session",
    "id": "kQBhsGhsBfrhUx8t8jBKLfobSZyK4bDA6wTddCRc",
    "attributes": {
      "customAttributes": {},
      "clientId": "oidc-client",
      "consentTimestamp": "2020-09-07T13:43:54.139Z",
      "authenticationTimestamp": "2020-09-07T13:43:22.890Z"
    }
  }
}
Step 2 – Client retrieves all sessions
To retrieve all sessions, the client must supply a valid access token as a bearer token:
Get ALL Sessions Request
GET https://oidc.airlock.com/auth-login/rest/oauth2/authorization-servers/myAS/sessions/
Authorization: Bearer eyJraWQ...RNLJs9_3-Vw
The above request uses the sessions endpoint instead of the session endpoint from the request in Step 1.
The authorization server responds with the attributes of all sessions associated with this user:
Get ALL Sessions Response
200 OK
{
  "meta": {
    "type": "jsonapi.metadata.document",
    "timestamp": "2020-09-07T14:01:36.958Z"
  },
  "data": [
    {
      "type": "oauth2-session",
      "id": "qk2aBBxYXVsQFUEiM7ts95Sq9sm8DkqyNzoxeypt",
      "attributes": {
        "customAttributes": {},
        "clientId": "oidc-client",
        "consentTimestamp": "2020-09-07T12:00:12.086Z",
        "authenticationTimestamp": "2020-09-07T11:59:46.759Z"
      }
    },
    {
      "type": "oauth2-session",
      "id": "2zfpD9SkBQ6ZmSVx6pyfrqPKew2obTYG8wfeFSXz",
      "attributes": {
        "customAttributes": {},
        "clientId": "oidc-client",
        "consentTimestamp": "2020-09-07T07:01:32.693Z",
        "authenticationTimestamp": "2020-09-07T06:59:54.445Z"
      }
    },
    {
      "type": "oauth2-session",
      "id": "uTAGooeGbRPuMDY7knTdnBKdmaF9n4th3DboL91T",
      "attributes": {
        "customAttributes": {},
        "clientId": "0a6b3f94-f872-4399-850c-072cd58ee7e9",
        "consentTimestamp": "2020-09-07T08:59:32.066Z",
        "authenticationTimestamp": "2020-09-07T08:50:00.686Z"
      }
    },
    {
      "type": "oauth2-session",
      "id": "kQBhsGhsBfrhUx8t8jBKLfobSZyK4bDA6wTddCRc",
      "attributes": {
        "customAttributes": {},
        "clientId": "oidc-client",
        "consentTimestamp": "2020-09-07T13:43:54.139Z",
        "authenticationTimestamp": "2020-09-07T13:43:22.890Z"
      }
    }
  ]
}
Step 3 – Logout a specific session
To log out a specific session, the client sends a DELETE request to the sessions endpoint with the id of that session in the path and must supply a valid access token as a bearer token:
Logout Session Request
DELETE https://oidc.airlock.com/auth-login/rest/oauth2/authorization-servers/myAS/sessions/qk2aBBxYXVsQFUEiM7ts95Sq9sm8DkqyNzoxeypt/
Authorization: Bearer eyJraWQ...RNLJs9_3-Vw
The authorization server confirms the logout with an empty 204 response; no session attributes are returned:
Logout Session Response
204 OK
Step 4 – Client retrieves all sessions
Step 4 is identical to Step 2 but will only return 3 results. The session deleted in Step 3 is no longer returned.
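The four steps above, as an added example that is not part of the original page or of Airlock's own code: a small client that logs out every session of the user except the current one (the session whose token is being used), a common action after a credential change. The base URL and the token placeholder are taken from the requests shown above; the trimmed sample documents embedded in the code are copies of the Step 1 and Step 2 responses so the selection logic can be checked offline.

```python
import json
import urllib.request

# Base URL and token placeholder come from the requests shown above.
BASE = "https://oidc.airlock.com/auth-login/rest/oauth2/authorization-servers/myAS"
TOKEN = "eyJraWQ...RNLJs9_3-Vw"  # placeholder, not a usable access token

# Trimmed copies of the Step 1 and Step 2 response documents, for offline use.
SAMPLE_CURRENT = {"data": {"type": "oauth2-session",
                           "id": "kQBhsGhsBfrhUx8t8jBKLfobSZyK4bDA6wTddCRc"}}
SAMPLE_ALL = {"data": [{"type": "oauth2-session", "id": i} for i in (
    "qk2aBBxYXVsQFUEiM7ts95Sq9sm8DkqyNzoxeypt",
    "2zfpD9SkBQ6ZmSVx6pyfrqPKew2obTYG8wfeFSXz",
    "uTAGooeGbRPuMDY7knTdnBKdmaF9n4th3DboL91T",
    "kQBhsGhsBfrhUx8t8jBKLfobSZyK4bDA6wTddCRc")]}

def current_session_id(doc):
    """Session id from the single-object 'session' response document."""
    return doc["data"]["id"]

def other_session_ids(all_doc, current_id):
    """Ids from the 'sessions' list response, excluding the current session.
    The guard matters: logging out the current session would revoke the
    very token used to make these calls."""
    return [s["id"] for s in all_doc["data"]
            if s["type"] == "oauth2-session" and s["id"] != current_id]

def logout_url(session_id):
    """Step 3 uses the plural 'sessions' endpoint with the id as a path segment."""
    return f"{BASE}/sessions/{session_id}/"

def call(method, url):
    """Send one bearer-authenticated request; a 204 response carries no body."""
    req = urllib.request.Request(url, method=method,
                                 headers={"Authorization": f"Bearer {TOKEN}"})
    with urllib.request.urlopen(req) as resp:
        body = resp.read()
        return resp.status, (json.loads(body) if body else None)

def logout_other_sessions():
    """Steps 1-4 end to end: log out every session except the current one."""
    _, cur = call("GET", f"{BASE}/session/")
    _, everything = call("GET", f"{BASE}/sessions/")
    targets = other_session_ids(everything, current_session_id(cur))
    for sid in targets:
        status, _ = call("DELETE", logout_url(sid))
        if status != 204:
            raise RuntimeError(f"logout of {sid} returned {status}")
    return targets
```

Run `logout_other_sessions()` against a reachable authorization server with a real token; with the documented responses it would issue three DELETE requests and leave only the current session in the Step 4 listing.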