OAuth session management
Session management
Sessions track OAuth2 and OpenID Connect interactions. The Generic OAuth2 rule has a
Time-To-Live setting that controls the length of a session. Snaplex session management APIs
let Environment admins view who has active OAuth or OIDC sessions and manage them. The following
APIs list session details and delete sessions as needed, where
`<Load_Balancer>|<node>` is either the address of the load
balancer or a Snaplex node:
| Purpose | API Call |
|---|---|
| List all sessions | GET `<Load_Balancer>\|<node>/api/1/rest/rule/session` |
| List a specific session | GET `<Load_Balancer>\|<node>/api/1/rest/rule/session/<Session_Id>` |
| Delete a specific session | DEL `<Load_Balancer>\|<node>/api/1/rest/rule/session/<Session_Id>` |
| Delete all sessions | DEL `<Load_Balancer>\|<node>/api/1/rest/rule/session` |
Important: These APIs don't apply to the Time-To-Live settings in the Callout
Authenticator API rule.
The session management details returned include the session ID and the user or
client details. Below is a sample response to a call made with the GET HTTP
method:
```json
[
  {
    "type": "TaskSession$OauthSession",
    "username": "105450719975802175246",
    "roles": [
      "openid",
      "email",
      "profile"
    ],
    "session_id": "0f9eb160-b5ed-4cba-94ea-b5a3ae1fc9e0",
    "expires_at": 1718323653745
  },
  {
    "type": "TaskSession$OauthSession",
    "username": "105450719975802175246",
    "roles": [
      "openid",
      "email",
      "profile"
    ],
    "session_id": "79258c26-e361-46c5-9588-5301434a738a",
    "expires_at": 1718323838403
  }
]
```

Note:
- If no session is created and an API for the session ID is called, the response returned contains an empty list.
- A session ID that’s been previously deleted will return a
404 status code for the next GET request.
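
As an added example (not part of the SnapLogic documentation), the following Python sketch reviews a session list like the sample response above: it groups sessions by `username`, reports users holding more than one session at once, and builds the per-session delete calls for one user. It assumes `expires_at` is Unix epoch time in milliseconds and that `DEL` in the table means the HTTP DELETE method; the base URL `https://snaplex.example.com` and all function names are hypothetical, and the calls are only built, not sent, because authentication is not covered on this page.

```python
import json
from collections import defaultdict
from urllib.parse import quote

SESSION_PATH = "/api/1/rest/rule/session"  # path from the table on this page

# Constructed input: the two records from the sample GET response on this page.
SAMPLE = json.loads("""[
 {"type": "TaskSession$OauthSession", "username": "105450719975802175246",
  "roles": ["openid", "email", "profile"],
  "session_id": "0f9eb160-b5ed-4cba-94ea-b5a3ae1fc9e0", "expires_at": 1718323653745},
 {"type": "TaskSession$OauthSession", "username": "105450719975802175246",
  "roles": ["openid", "email", "profile"],
  "session_id": "79258c26-e361-46c5-9588-5301434a738a", "expires_at": 1718323838403}
]""")

def sessions_by_user(sessions, now_ms):
    """Group sessions by username, soonest expiry first.
    Assumption: expires_at is Unix epoch time in milliseconds."""
    grouped = defaultdict(list)
    for s in sorted(sessions, key=lambda s: s["expires_at"]):
        grouped[s["username"]].append({
            "session_id": s["session_id"],
            "roles": s["roles"],
            "seconds_left": (s["expires_at"] - now_ms) // 1000,
        })
    return dict(grouped)

def concurrent_users(sessions, now_ms, limit=1):
    """Usernames holding more than `limit` sessions at the same time."""
    grouped = sessions_by_user(sessions, now_ms)
    return sorted(u for u, held in grouped.items() if len(held) > limit)

def revocation_calls(sessions, username, base_url):
    """(method, URL) pairs that delete every listed session of one user.
    Assumption: "DEL" in the table is the HTTP DELETE method."""
    base = base_url.rstrip("/") + SESSION_PATH
    return [("DELETE", f"{base}/{quote(s['session_id'], safe='')}")
            for s in sessions if s["username"] == username]

if __name__ == "__main__":
    now = 1718323600000  # constructed "current time" for the sample data
    for user in concurrent_users(SAMPLE, now):
        for info in sessions_by_user(SAMPLE, now)[user]:
            print(user, info["session_id"], info["seconds_left"], "s left")
        for method, url in revocation_calls(SAMPLE, user, "https://snaplex.example.com"):
            print(method, url)
```

Deleting sessions one by one for a single user leaves other users' sessions in place, unlike the delete-all call in the table.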