This is a continuation of the discussion that was taking place in this thread: https://www.outsystems.com/forums/discussion/61503/getting-user-id-by-sessionid-from-rest-api/#Post300724
Use Case
The OS server is the authority on who the users are and what they can access. Our JavaScript client libraries are able to make calls to REST endpoints of your choice to supply signed authentication and authorization tokens for the bearing user.
When a reactive web client calls the JavaScript client library signin method to establish a connection, the client library requests an authentication token from the OS server.
Problem
The Session_GetWebAppLoginInfo action works as expected when the JavaScript client library is used on the traditional web.
The Session_GetMobileAppLoginInfo does not work as expected and returns the "Invalid CSRF request" exception.
I have not tested this on a mobile application yet, as the goal was to use the reactive plugin on reactive web and mobile.
Implementation
Use the Session_GetWebAppLoginInfo and Session_GetMobileAppLoginInfo in the REST (Expose) OnAuthentication action to validate the platform user session and login.
Failover logic first checks the Session_GetWebAppLoginInfo, and if nothing is returned, tries the Session_GetMobileAppLoginInfo.
Thanks
To resolve the issue, I have set the X-Csrftoken using a JavaScript function on the reactive web client and the Session_GetMobileAppLoginInfo action returns as expected.

function sessionCRFToken() {
  // Read the URL-encoded nr2Users cookie value from document.cookie.
  const nr2Users = decodeURIComponent(('; ' + document.cookie).split(`; nr2Users=`).pop().split(';')[0]);
  // Pull the crf field out of the decoded value.
  const crf = ('; ' + nr2Users).split(`; crf=`).pop().split(';')[0];
  return crf;
}
Is it possible that there is a bug in the Session_GetMobileAppLoginInfo action's behaviour?
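
An added example, not part of the original post and not OutSystems code: a variant of the cookie lookup above that returns null when the cookie or the crf field is missing, and that attaches the X-Csrftoken header only to same-origin REST calls so the token is not sent to another host. The nr2Users layout (semicolon-separated fields, one of them crf=) is assumed from the function in the post; the helper names, sample cookie string and URLs are constructed for illustration.

```javascript
// Added example; cookie layout assumed from the function posted above.
// Read one named cookie from a document.cookie-style string, or null.
function readCookie(cookieString, name) {
  for (const part of cookieString.split(';')) {
    const eq = part.indexOf('=');
    if (eq === -1) continue;
    if (part.slice(0, eq).trim() === name) {
      return decodeURIComponent(part.slice(eq + 1).trim());
    }
  }
  return null;
}

// Extract the crf field from the decoded nr2Users value,
// wherever it sits among the fields. Returns null if absent or empty.
function csrfTokenFromCookies(cookieString) {
  const nr2Users = readCookie(cookieString, 'nr2Users');
  if (nr2Users === null) return null;
  for (const field of nr2Users.split(';')) {
    const trimmed = field.trim();
    if (trimmed.startsWith('crf=')) return trimmed.slice(4) || null;
  }
  return null;
}

// Build request headers; the token is added only when the target
// resolves to the page's own origin.
function buildRestHeaders(targetUrl, pageOrigin, cookieString) {
  const headers = { Accept: 'application/json' };
  const token = csrfTokenFromCookies(cookieString);
  if (token && new URL(targetUrl, pageOrigin).origin === pageOrigin) {
    headers['X-Csrftoken'] = token;
  }
  return headers;
}

// Constructed sample input (not real session data).
const SAMPLE_COOKIES = 'osVisitor=abc; nr2Users=' +
  encodeURIComponent('crf=T0k3n+/x=;uid=12;unm=alice') + '; nr1Users=lid%3Dx';

// In a browser: buildRestHeaders(url, location.origin, document.cookie)
```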