Session Creation

The following outlines the steps in the authentication and redirect flow for Interactions session creation.
- Upon choosing to create the session within the Interactions QM UI, a POST /api/v1/nonce call is made to Replay Server with the current user's IAM JWT accessToken.
- Replay Server authentication middleware verifies the JWT before issuing and returning a one-time-use nonce created for the userId and tenant of that user. This is stored in a nonces table with an expiration.
- The user is redirected to the customer site with a ?nonce=<nonce> parameter appended to the URL.
- Capture running on the customer site grabs the <nonce> parameter and makes a POST /api/v1/tokens call to Replay Server.
- Replay Server authentication middleware verifies the nonce exists and is not expired before issuing a new IAM JWT token for the userId and tenant. This call is made behind an IAM call in sdk-go.
- Once the new IAM JWT is created, it is encrypted and returned to the user.
- All future calls to Replay Server will be authenticated in middleware using the encrypted JWT.
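
The nonce issue and redeem steps above, sketched in Go as an added example; this is not Replay Server's code. The type and function names, the in-memory store standing in for the nonces table, and the sample user and tenant values are all assumptions.

```go
package main

import (
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
	"sync"
	"time"
)

// NonceStore is an in-memory stand-in for the nonces table (hypothetical layout).
type NonceStore struct{ rows sync.Map }

type nonceRecord struct {
	userID, tenant string
	expires        time.Time
}

var ErrInvalidNonce = errors.New("nonce unknown, already used, or expired")

// Issue runs after the caller's JWT is verified (POST /api/v1/nonce).
func (s *NonceStore) Issue(userID, tenant string, ttl time.Duration) (string, error) {
	buf := make([]byte, 32) // 256 bits from the OS CSPRNG
	if _, err := rand.Read(buf); err != nil {
		return "", err
	}
	n := base64.RawURLEncoding.EncodeToString(buf) // URL-safe for ?nonce=
	s.rows.Store(n, nonceRecord{userID, tenant, time.Now().Add(ttl)})
	return n, nil
}

// Redeem (POST /api/v1/tokens) fetches and deletes the row in one atomic step, so a
// nonce replayed from the URL, or raced by two requests, succeeds at most once.
func (s *NonceStore) Redeem(n string) (userID, tenant string, err error) {
	v, _ := s.rows.LoadAndDelete(n) // consumed even if it turns out to be expired
	rec, found := v.(nonceRecord)
	if !found || !time.Now().Before(rec.expires) {
		return "", "", ErrInvalidNonce
	}
	return rec.userID, rec.tenant, nil // caller mints the new JWT for this pair
}

func main() {
	s := &NonceStore{}
	n, _ := s.Issue("user-1", "tenant-a", time.Minute) // constructed sample values
	fmt.Println(s.Redeem(n))                           // first use
	fmt.Println(s.Redeem(n))                           // replay of the same nonce
}
```

Against a SQL nonces table, the same at-most-once property comes from consuming the row in a single statement or transaction rather than a SELECT followed by a separate DELETE.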