Thread: SOAP AuthRequest Question

  1. #1

    Hello, I have a question wrt/ the way the SOAP AuthRequest works. I'm trying to validate a user's ZM_AUTH_TOKEN cookie and it appears as if the way to do this via SOAP is with an AuthRequest. In the SOAP docs for AuthRequest, it mentions:

    "an authToken can be passed instead of account/password/preauth to validate an existing auth token."

    However, the same authToken seems to validate with any User ID..

    For example, if I log in as user@zimbraserver.edu, and then issue the following AuthRequest with their cookie:

    Code:
    <AuthRequest xmlns="urn:zimbraAccount">
      <account by="id">user@zimbraserver.edu</account>
      <authToken>0_80d73a1141595a4daaef1af9853055c450....[long]...</authToken>
    </AuthRequest>

    I get the Response:

    <AuthResponse xmlns="urn:zimbraAccount">
      <authToken>0_80d73a1141595a4daaef1af9853055c450....[long]...</authToken>
      <lifetime>172046740</lifetime>
      <sessionId id="1577">1577</sessionId>
      <skin>beach</skin>
    </AuthResponse>

    It appears to get a response as if it has set a session for user@zimbraserver.edu instead of validating an existing session. If I issue subsequent requests with the same ZM_AUTH_TOKEN as different users, it returns a new session too.

    So the question is: How do I do as the docs say and validate an existing ZM_AUTH_TOKEN? And am I on the right track with using AuthRequest? Thank you for any help here!

  2. #2

    Have you had any luck with this? I am currently having the same issue...
    Jon

  3. #3

    This was a while ago, but I believe I had misunderstood the term "validate" in the docs. However, it turns out that you can run SOAP commands as the user in question directly to verify the validity of their token:

    1) Get the value of the user's ZM_AUTH_TOKEN cookie
    2) Bind to the local SOAP API as that user, with their AuthToken at: https://127.0.0.1/service/soap/
    3) Run a SOAP call like: GetInfoRequest

    If the user is not valid (cookie is not valid), the SOAP API will tell you. If the session is valid, their username will be returned in the GetInfoRequest SOAP return, which you can use for your program logic.

    At least this is the way I ended up solving my problem =)

    Hope this helps.

    -Rob

  4. #4

    To validate an auth token, omit the <account> element from the AuthRequest:

    <AuthRequest xmlns="urn:zimbraAccount">
      <authToken>0_80d73a1141595a4daaef1af9853055c450....[long]...</authToken>
    </AuthRequest>
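An added example, not code from any poster in this thread: a Python sketch of the GetInfoRequest check from post #3 that takes the account name only from the server's reply, never from a caller-supplied name, since post #1 shows the token being accepted alongside any `<account>` value. The envelope layout (token in the `urn:zimbra` header context), the `service.AUTH_EXPIRED` fault code, the function names and both sample responses are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

SOAP_NS = "http://www.w3.org/2003/05/soap-envelope"
NS = {"soap": SOAP_NS, "z": "urn:zimbra", "acct": "urn:zimbraAccount"}

def build_getinfo_envelope(auth_token):
    """GetInfoRequest carrying the cookie value in the SOAP header context."""
    return (
        f'<soap:Envelope xmlns:soap="{SOAP_NS}">'
        '<soap:Header><context xmlns="urn:zimbra">'
        f"<authToken>{escape(auth_token)}</authToken>"
        "</context></soap:Header>"
        '<soap:Body><GetInfoRequest xmlns="urn:zimbraAccount"/></soap:Body>'
        "</soap:Envelope>"
    )

def account_for_token(response_xml):
    """Return (account_name, None) if the token was accepted, else (None, reason)."""
    try:
        root = ET.fromstring(response_xml)
    except ET.ParseError:
        return None, "unparseable-response"
    fault = root.find("soap:Body/soap:Fault", NS)
    if fault is not None:
        # Any fault means "not authenticated"; surface the server's code for logging.
        return None, fault.findtext("soap:Detail/z:Error/z:Code", "unknown-fault", NS)
    name = root.findtext("soap:Body/acct:GetInfoResponse/acct:name", None, NS)
    return (name.strip(), None) if name and name.strip() else (None, "no-account-name")

def token_matches_user(response_xml, expected_user):
    """Fail closed: only the name reported by the server is compared."""
    name, _ = account_for_token(response_xml)
    return name is not None and name.lower() == expected_user.lower()

# Constructed sample responses (not captured from a real server).
VALID_RESPONSE = (
    f'<soap:Envelope xmlns:soap="{SOAP_NS}"><soap:Body>'
    '<GetInfoResponse xmlns="urn:zimbraAccount">'
    "<name>user@zimbraserver.edu</name></GetInfoResponse>"
    "</soap:Body></soap:Envelope>"
)
EXPIRED_RESPONSE = (
    f'<soap:Envelope xmlns:soap="{SOAP_NS}"><soap:Body><soap:Fault>'
    "<soap:Code><soap:Value>soap:Sender</soap:Value></soap:Code><soap:Detail>"
    '<Error xmlns="urn:zimbra"><Code>service.AUTH_EXPIRED</Code></Error>'
    "</soap:Detail></soap:Fault></soap:Body></soap:Envelope>"
)
```

The envelope from `build_getinfo_envelope` would be POSTed to the SOAP endpoint named in post #3; the parsing functions then run on whatever body comes back.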
