OAuth Cookies

If OAuth is being used, when the user (resource owner) authenticates with the authentication server, the platform generates an OAuthToken_{OAuthProviderName} cookie. This cookie identifies the logged-in user and the specific roles associated with the user. The app then uses this cookie in subsequent requests to the platform's OAuth Provider, for session management and grant administration, until grant authorization is complete. For non-browser scenarios, the app must save this cookie and include it in every request.

Below is an example of an OAuthToken_{OAuthProviderName} cookie returned by the POST /oauth/login/renewToken operation in the Set-Cookie header. Line breaks have been added for display reasons.

Set-Cookie: OAuthToken_acmepaymentscorp: TokenID%3D57d30fc7-240e-11e5-a1b9-8945fbb2b0eb%2Cclaimed_id%3DLDAP_acmepaymentscorp%5Ceng100
%2CissueTime%3D1436207972636%2CexpirationTime%3D1436208572626%2Csig%3DlOsIenU6JM-dYquJKhKMdKarQRtef4ALY5Abuls7KV5jaPgWapM1w0Y
thq0I1hJvMJ7xlWj8haU3OvM4b6I3LgGWGvw5_Uws935JKLW57xiti_UC2IvxFDrAIg4xx2k-x-icqUDsWfVGNfjWlun43_uRM667RjGOkh_ZmU2xq0Q

The example below is returned by the GET /oauth/auz/grants/{GrantID}/authcomplete operation in the context of the platform.

Set-Cookie: AtmoAuthToken_acmepaymentscorp: TokenID%3D480a3a7c-240e-11e5-a1b9-8945fbb2b0eb%2Cclaimed_id%3Durn%3Aacmepaymentscorp%3Auser
%3Aacmepaymentscorp%3A8fb17266-354a-4032-96fb-2208ae7b4da4%2CissueTime%3D1436207946162%2CexpirationTime%3D1436209746144%2CAttributes
Included%3Dfalse%2CUserFDN%3D8fb17266-354a-4032-96fb-2208ae7b4da4%252Eacmepaymentscorp%2CUserName%3Dadminacmepaymentscorp%2Csig
%3Dd5YEgxmZQaCgfp64gs0EL1ttryepO3kWTwu4gO12OxLF6sjpcrojVKUf0X8heu9eoi8WlEd9ZIN7vPNgi6pu-XZ883L-OkD9fYnN4ktbRPwHQ2Phaa1H1bXaCpfgpeI8q6u
DjeqX_awH70N6-QQKrhF5n9Lm5PYCKciKNWTSWVooauthRedirectInfoCookie: %7B%22accessTokenUrl%22%3A%22%2Fapi%2Fdevconsole%2Foauth%2Faccesstoken%22
%2C%22providerEndpoint%22%3A%22%2Fapi%2Fdevconsole%2Foauth%2Faccesstoken%22%2C%22queryString%22%3A%22session_key%3Dapiv%253D090888
a5-27f8-454e-8319-c7900d1da4bc.acmepaymentscorp%2526scope%253DScope1%2526appRuntimeId%253D5tRKCWjfz599pLJ8Te4tvn1D.acmepaymentscorp
%2526granttype%253Dauthorization_code%2526policy_type%253DOAuth%2525202.0%2526appsecret%253De4d5949f72473acc151b34065f69169099ebe732
%2526appid%253Dacmepaymentscorp-5tRKCWjfz599pLJ8Te4tvn1D%2526token_url%253Dhttp%253A%252F%252F{hostname}%252Foauth%252Foauth20%252Ftoken%
2526opname%253DGetDiscussions%2526policy_key%253Doauth%2526guid%253Daf880c48-1389-4da4-98e5-2fb29dcca155%2526auz_url%253Dhttp%253A
%252F%252F{hostname}%252Foauth%252Fauz%252Fauthorize%2526callback%253Dhttp%253A%252F%252F{hostname}%252Fui%252Fapps%252Facmepaymentscorp
%252F_VcuNfhlXb0PE8hHDxAx9OhA%252Fresources%252Fconsole%252Fglobal%252Foauthclientredirect.html%253Fdynamic%25253Dtrue
%2526signature_method%253DSharedSecret%2526apienv%253DProduction%2526token_verb%253DPOST%22%7D
OAuthToken_acmepaymentscorp: TokenID%3D57d30fc7-240e-11e5-a1b9-8945fbb2b0eb%2Cclaimed_id%3DLDAP_acmepaymentscorp%5Ceng100
%2CissueTime%3D1436207972636%2CexpirationTime%3D1436208572626%2Csig%3DlOsIenU6JM-dYquJKhKMdKarQRtef4ALY5Abuls7KV5jaPgWapM1w0Y
thq0I1hJvMJ7xlWj8haU3OvM4b6I3LgGWGvw5_Uws935JKLW57xiti_UC2IvxFDrAIg4xx2k-x-icqUDsWfVGNfjWlun43_uRM667RjGOkh_ZmU2xq0Q

Related Topics