Create a new session for an App using an existing session bearer token.

  • Published on Jul 8, 2025
  • 2 minute(s) read
Prev Next
Post
/sys/v1/session/reauth

Create a new session for an App using an existing session bearer token.

Security
HTTP
Type bearer
API Key: apiKeyAuth
Header parameter nameAuthorization
Responses
2XX

Success result

Expand All
object
token_type
string
Valid values[ "Bearer", "Cookie" ]
expires_in
integer
Minimum0
Maximum4294967295
access_token
string

Token value that the client should subsequently pass in Authorization header.

entity_id
string (uuid)
challenge
object
u2f_challenge
string
u2f_keys
Array of object (U2fRegisteredKey)
object
keyHandle
string
version
string
fido2_assertion_options
object
challenge
string (byte)
timeout
integer | null

The time for which response from the authenticator would be awaited. This should only be a hint as per the spec. This is in milliseconds.

rpId
string | null

This optional member specifies the relying party identifier claimed by the caller. If omitted, its value will be the CredentialsContainer object’s relevant settings object's origin's effective domain.

allowCredentials
Array of object (PublicKeyCredentialDescriptor) | null

This OPTIONAL member contains a list of [PublicKeyCredentialDescriptor] objects representing public key credentials acceptable to the caller, in descending order of the caller’s preference (the first item in the list is the most preferred credential, and so on down the list).

object
type
string

https://www.w3.org/TR/webauthn-2/#enum-credentialType

This enum defines valid cred types.

Valid values[ "public-key" ]
id
string (byte)
transports
Array of object (AuthenticatorTransport) | null

Hints by relying party on what transport client should use to communicate with authenticator.

Hints by relying party on how client should communicate with the authenticator.

https://www.w3.org/TR/webauthn-2/#enum-transport

OneOf
string
string
Valid values[ "usb", "nfc", "ble", "internal" ]
string
string
userVerification
string

https://www.w3.org/TR/webauthn-2/#enum-userVerificationRequirement https://www.w3.org/TR/webauthn-2/#user-verification

Valid values[ "required", "preferred", "discouraged" ]
extensions
object
appidExclude
string | null

This extension excludes authenticators during registration based on legacy u2f key handles specified in "excludeCredentials". If that key handle was created with that device, it is excluded.

https://www.w3.org/TR/webauthn-2/#sctn-appid-exclude-extension

appid
string | null

This extension allows RPs that have previously registered a cred using legacy U2F APIs to request an assertion.

https://www.w3.org/TR/webauthn-2/#sctn-appid-extension

example.extension.bool
boolean | null

Dummy extension used by conformance tests

allowed_mfa_methods
Array of object (MfaAuthMethod) | null
OneOf
MfaAuthMethodVariantFido2
object (MfaAuthMethodVariantFido2)
Fido2
object
challenge
object
challenge
string (byte)
timeout
integer | null

The time for which response from the authenticator would be awaited. This should only be a hint as per the spec. This is in milliseconds.

rpId
string | null

This optional member specifies the relying party identifier claimed by the caller. If omitted, its value will be the CredentialsContainer object’s relevant settings object's origin's effective domain.

allowCredentials
Array of object (PublicKeyCredentialDescriptor) | null

This OPTIONAL member contains a list of [PublicKeyCredentialDescriptor] objects representing public key credentials acceptable to the caller, in descending order of the caller’s preference (the first item in the list is the most preferred credential, and so on down the list).

object
type
string

https://www.w3.org/TR/webauthn-2/#enum-credentialType

This enum defines valid cred types.

Valid values[ "public-key" ]
id
string (byte)
transports
Array of object (AuthenticatorTransport) | null

Hints by relying party on what transport client should use to communicate with authenticator.

Hints by relying party on how client should communicate with the authenticator.

https://www.w3.org/TR/webauthn-2/#enum-transport

OneOf
string
string
Valid values[ "usb", "nfc", "ble", "internal" ]
string
string
userVerification
string

https://www.w3.org/TR/webauthn-2/#enum-userVerificationRequirement https://www.w3.org/TR/webauthn-2/#user-verification

Valid values[ "required", "preferred", "discouraged" ]
extensions
object
appidExclude
string | null

This extension excludes authenticators during registration based on legacy u2f key handles specified in "excludeCredentials". If that key handle was created with that device, it is excluded.

https://www.w3.org/TR/webauthn-2/#sctn-appid-exclude-extension

appid
string | null

This extension allows RPs that have previously registered a cred using legacy U2F APIs to request an assertion.

https://www.w3.org/TR/webauthn-2/#sctn-appid-extension

example.extension.bool
boolean | null

Dummy extension used by conformance tests

challenge_token
string (byte)
mfa_devices
Array of object (MfaDevice)
object
name
string

Name given to the FIDO device.

Max length4096
Pattern^[^\n]*[^\s\n][^\n]*$
type
string

Type of MFA device

Valid values[ "U2f", "Fido2" ]
origin
string | null

Origin of the FIDO device.