Skip to main content
Version: 4.25.x.x LTS

AuthHandoverState

Introduction and overview

This AuthState is used to replace an authenticated session with the session of another user. This pattern is used, e.g., for co-browsing support, where a call-center agent was authorized to act as the user on the phone.

Description

The following table describes the characteristics of the AuthState.

TopicDescription
Classch.nevis.esauth.auth.states.standard.AuthHandoverState
LoggingStdStates
Auditingnone
Propertiesnone
Methodsprocess (all events)
Inputtransferhandle (caller, optional)This field contains the handover handle, used to look for the other user's session. The handle can also be sent as an HTTP authorization header: Authorization: Basic <base64encode("transferhandle:" + value)
Transitionsok: Session handover was successful.
invalid: No transfer handle was presented or the referenced session was not found.
Outputnone
Errors1: No session found for handle
Notesnone

Example

<AuthState name="Handover" final="false"
class="ch.nevis.esauth.auth.states.standard.AuthHandoverState">
<ResultCond name="ok" next="AuthDone"/>
<ResultCond name="invalid" next="Handover"/>
<Response value="AUTH_ERROR">
<Gui name="ErrorDialog">
<GuiElem name="error" type="error" label="No session to handover" value="9"/>
</Gui>
</Response>
</AuthState>