mirror of
https://github.com/zitadel/zitadel.git
synced 2025-04-23 01:11:45 +00:00
5b1160de1e
# Which Problems Are Solved The session update requires the current session token as argument. Since this adds extra complexity but no real additional security and prevents case like magic links, we want to remove this requirement. We still require the session token on other resouces / endpoints, e.g. for finalizing the auth request or on idp intents. # How the Problems Are Solved - Removed the session token verifier in the Update Session GRPc call. - Removed the session token from login UI examples session update calls # Additional Changes - none # Additional Context - Closes #7883
25 lines
673 B
Plaintext
25 lines
673 B
Plaintext
|
|
Now that you have successfully authenticated in the browser, you can update the session of the user.
|
|
Fill the webAuthN checks with the credential assertion data you get from the browser.
|
|
|
|
More detailed information about the API: [Update Session Documentation](/apis/resources/session_service/session-service-set-session)
|
|
|
|
Example Request:
|
|
|
|
```bash
|
|
curl --request PATCH \
|
|
--url https://$ZITADEL_DOMAIN/v2beta/sessions/218480890961985793 \
|
|
--header 'Accept: application/json' \
|
|
--header 'Authorization: Bearer '"$TOKEN"''\
|
|
--header 'Content-Type: application/json' \
|
|
--data '{
|
|
"checks": {
|
|
"webAuthN": {
|
|
"credentialAssertionData": {}
|
|
}
|
|
}
|
|
}'
|
|
```
|
|
|
|
|