AuthHandoverState
Introduction and overview
This AuthState is used to replace an authenticated session with the session of another user. This pattern is used, e.g., for co-browsing support, where a call-center agent was authorized to act as the user on the phone.
Description
The following table describes the characteristics of the AuthState.
Topic | Description |
---|---|
Class | ch.nevis.esauth.auth.states.standard.AuthHandoverState |
Logging | StdStates |
Auditing | none |
Properties | none |
Methods | process (all events) |
Input | transferhandle (caller, optional)This field contains the handover handle, used to look for the other user's session. The handle can also be sent as an HTTP authorization header: Authorization: Basic <base64encode("transferhandle:" + value) |
Transitions | ok: Session handover was successful. |
invalid: No transfer handle was presented or the referenced session was not found. | |
Output | none |
Errors | 1: No session found for handle |
Notes | none |
Example
<AuthState name="Handover" final="false"
class="ch.nevis.esauth.auth.states.standard.AuthHandoverState">
<ResultCond name="ok" next="AuthDone"/>
<ResultCond name="invalid" next="Handover"/>
<Response value="AUTH_ERROR">
<Gui name="ErrorDialog">
<GuiElem name="error" type="error" label="No session to handover" value="9"/>
</Gui>
</Response>
</AuthState>