We are using a token to login without a login prompt in Apex 18.2. The URL will only work if we target page 1 (the login page). How do we use the token to login and open another page besides the login page? Also, is it possible to add a parameter in my URL that the page could reference?
Here is the code for the Authentication Scheme:
FUNCTION TOKEN_SENTRY_FUNCTION
RETURN BOOLEAN
IS
l_query_string VARCHAR2(4000) := SYS.OWA_UTIL.GET_CGI_ENV('QUERY_STRING');
l_token VARCHAR2(200);
l_username VARCHAR2(200);
l_session NUMBER;
BEGIN
-- don't do anything if user is already logged on
IF APEX_APPLICATION.G_USER <> 'nobody'
THEN
RETURN TRUE;
END IF;
-- grab the token value
l_token := REGEXP_SUBSTR
( srcstr => l_query_string
, pattern => '&X01=TOKEN:([^&]+)'
, modifier => 'i'
, subexpression => 1
);
-- QUERY_STRING contains something like p=116:1&x01=TOKEN:ABC
IF l_token IS NOT NULL
THEN
-- test token, see if it is
-- 1) found in token table
-- 2) unused
-- 3) still valid (max age x seconds)
SELECT USERNAME
INTO l_username
FROM apexlogontoken
WHERE TOKEN_STRING = l_token
-- AND USED_AT IS NULL
-- AND CREATED_AT < SYSDATE-1/24/60
;
-- mark token as used at current time
UPDATE apexlogontoken
SET USED\_AT = SYSDATE
WHERE TOKEN\_STRING = l\_token
;
-- is there already a session?
l\_session := APEX\_CUSTOM\_AUTH.GET\_SESSION\_ID\_FROM\_COOKIE;
IF l\_session IS NOT NULL
THEN
-- test if the session is still valid and get a new session id, if not valid
IF NOT APEX\_CUSTOM\_AUTH.IS\_SESSION\_VALID
THEN
l\_session := APEX\_CUSTOM\_AUTH.GET\_NEXT\_SESSION\_ID;
END IF;
ELSE
-- no session in cookie found, get a new session id
l\_session := APEX\_CUSTOM\_AUTH.GET\_NEXT\_SESSION\_ID;
END IF;
-- initialize the session
APEX\_CUSTOM\_AUTH.DEFINE\_USER\_SESSION (
l\_username,
l\_session);
RETURN TRUE;
END IF;
RETURN FALSE;
EXCEPTION
WHEN NO_DATA_FOUND THEN RETURN FALSE;
END;