1
votes

I'm using the onelogin REST api to log a user in: https://developers.onelogin.com/api-docs/1/samples/login-user-via-api.

I have followed all the steps successfully to generate a session token with no issues.

The documentation then says to post the session token to this url: https://admin.us.onelogin.com/session_via_api_token

However, when do the post to that URL with the session token it simply re-directs me to the onelogin Sign On Page.

Here is the c# code for the post. I have a valid session token in variable: session_token:

        string url = "https://admin.us.onelogin.com/session_via_api_token";

        StringBuilder postData = new StringBuilder();

        postData.Append("session_token=" + HttpUtility.UrlEncode(session_token) + "&");
        postData.Append("auth_token=" + HttpUtility.UrlEncode(""));

        //ETC for all Form Elements

        // Now to Send Data.
        StreamWriter writer = null;

        request = (HttpWebRequest)WebRequest.Create(url);
        request.Method = "POST";
        request.ContentType = "application/x-www-form-urlencoded";
        request.ContentLength = postData.ToString().Length;
        try
        {
            writer = new StreamWriter(request.GetRequestStream());
            writer.Write(postData.ToString());
        }
        finally
        {
            if (writer != null)
                writer.Close();
        }
1

1 Answers

1
votes

This appears to be server side code so this will never be able to successfully get a session with the end-user's browser.

In order for this flow to work properly, you need to redirect the end-user's browser to the https://admin.us.onelogin.com/session_via_api_token URL with just the auth_token value as a POST parameter.

All the above code will do is allow your back end server to get a session cookie, which doesn't help your end-user establish a session at all.

More details can be found here: https://developers.onelogin.com/api-docs/1/samples/login-user-via-api