Hi Julian,
No, you don't have to be logged in in the same browser (or more precisely, on the same WebSEAL) as that would make the function pretty useless. In fact, you will probably get an error if you try to call this service with an active session.
What this service does is exchange an access token for a session cookie. We use it in the context of mobile applications which access parts of a legacy application via webview. You exchange the token for an cookie and access the application like you would through a browser.
For new developments I would recommend to use OAuth for your calls.
Kind regards,
Laurent
------------------------------
Laurent LA Asselborn
------------------------------
Original Message:
Sent: Tue January 31, 2023 10:50 PM
From: Julian Fazri
Subject: Session Verification through ISAM API
Hi Tushar,
From link you give above, so there's a URL that the client uses the endpoint to obtain an authenticated web session?
Do the client needs to login through Webseal first on the same browser or not?
Thanks.
Julian Fazri
------------------------------
Julian Fazri
Original Message:
Sent: Mon January 30, 2023 03:45 AM
From: Tushar Prasad
Subject: Session Verification through ISAM API
Here are different oauth endpoints
https://www.ibm.com/docs/en/sva/10.0.5?topic=support-oauth-20-endpoints
and further on Oauth and oidc support for verify access
https://www.ibm.com/docs/en/sva/10.0.5?topic=configuration-oauth-20-oidc-support
You can have further discussion with application architect to understand the requirement and how verify access can be used in the context.
------------------------------
Tushar
Tushar
Original Message:
Sent: Sun January 29, 2023 09:08 PM
From: Julian Fazri
Subject: Session Verification through ISAM API
Hi Tushar,
Actually application team recommend for using Oauth. But, we're still confusing regarding their request to validate the session or token or something, that's what we want to asked can it be requested through api?
Thanks.
Julian
------------------------------
Julian Fazri
Original Message:
Sent: Thu January 26, 2023 03:10 AM
From: Tushar Prasad
Subject: Session Verification through ISAM API
HI
For administrative purpose, if you are using dsc, then there is a validate. but that not to be used for every request, so may not help for your use case.
looks more of an Oauth based use case.
------------------------------
Tushar
Tushar
Original Message:
Sent: Thu January 26, 2023 02:46 AM
From: Julian Fazri
Subject: Session Verification through ISAM API
Dear All,
Is it possible for application to verify the session from ISAM API? For example from their want to verify the users has session in ISAM or not, if yes they can access some of the application function. I am already check in the document, but I got nothing or miss about it.
So, is there any possibility from application back-end to verify the user session through ISAM API? If yes can you attach a document about it?
Thanks.
Best Regards,
Julian
------------------------------
Julian Fazri
------------------------------