Skip to main content

Update an existing session

PATCH 

/v2beta/sessions/:sessionId

Update an existing session with new information.

Request

Path Parameters

    sessionId stringrequired

    "id of the session to update"

Body

required

    sessionToken string

    Possible values: non-empty and <= 200 characters

    "DEPRECATED: this field is ignored."

    checks

    object

    "Check for user and password. Successful checks will be stated as factors on the session."

    user

    object

    "checks the user and updates the session on success"

    userId string

    Possible values: non-empty and <= 200 characters

    loginName string

    Possible values: non-empty and <= 200 characters

    password

    object

    "Checks the password and updates the session on success. Requires that the user is already checked, either in the previous or the same request."

    password string

    Possible values: non-empty and <= 200 characters

    webAuthN

    object

    "Checks the public key credential issued by the WebAuthN client. Requires that the user is already checked and a WebAuthN challenge to be requested, in any previous request."

    credentialAssertionData objectrequired

    Possible values: >= 55 characters and <= 1048576 characters

    JSON representation of public key credential issued by the webAuthN client

    idpIntent

    object

    "Checks the IDP intent. Requires that the userlink is already checked and a successful idp intent."

    idpIntentId string

    Possible values: non-empty and <= 200 characters

    ID of the idp intent, previously returned on the success response of the IDP callback

    idpIntentToken string

    Possible values: non-empty and <= 200 characters

    token of the idp intent, previously returned on the success response of the IDP callback

    totp

    object

    "Checks the Time-based One-Time Password and updates the session on success. Requires that the user is already checked, either in the previous or the same request."

    code string

    Possible values: >= 6 characters and <= 6 characters

    otpSms

    object

    "Checks the One-Time Password sent over SMS and updates the session on success. Requires that the user is already checked, either in the previous or the same request."

    code string

    Possible values: non-empty

    otpEmail

    object

    "Checks the One-Time Password sent over Email and updates the session on success. Requires that the user is already checked, either in the previous or the same request."

    code string

    Possible values: non-empty

    metadata

    object

    "custom key value list to be stored on the session"

    property name* byte

    challenges

    object

    webAuthN

    object

    domain stringrequired

    "Domain on which the session was created. Will be used in the WebAuthN challenge."

    userVerificationRequirement stringrequired

    Possible values: [USER_VERIFICATION_REQUIREMENT_UNSPECIFIED, USER_VERIFICATION_REQUIREMENT_REQUIRED, USER_VERIFICATION_REQUIREMENT_PREFERRED, USER_VERIFICATION_REQUIREMENT_DISCOURAGED]

    Default value: USER_VERIFICATION_REQUIREMENT_UNSPECIFIED

    "User verification that is required during validation. When set to USER_VERIFICATION_REQUIREMENT_REQUIRED the behaviour is for passkey authentication. Other values will mean U2F"

    otpSms

    object

    returnCode boolean

    otpEmail

    object

    sendCode

    object

    urlTemplate string

    Possible values: non-empty and <= 200 characters

    "Optionally set a url_template, which will be used in the mail sent by ZITADEL to guide the user to your verification page. If no template is set, the default ZITADEL url will be used."

    returnCode object
    lifetime string

    "duration (in seconds) after which the session will be automatically invalidated"

Responses

OK

Schema

    details

    object

    sequence uint64

    on read: the sequence of the last event reduced by the projection

    on manipulation: the timestamp of the event(s) added by the manipulation

    changeDate date-time

    on read: the timestamp of the last event reduced by the projection

    on manipulation: the timestamp of the event(s) added by the manipulation

    resourceOwner resource_owner is the organization or instance_id an object belongs to (string)
    sessionToken string

    "The current token of the session, which is required for delete session, get session or the request of other resources."

    challenges

    object

    webAuthN

    object

    publicKeyCredentialRequestOptions object

    Options for Assertion Generaration (dictionary PublicKeyCredentialRequestOptions). Generated helper methods transform the field to JSON, for use in a WebauthN client. See also: https://www.w3.org/TR/webauthn/#dictdef-publickeycredentialrequestoptions

    otpSms string
    otpEmail string
Loading...