Optional Session Context String¶
A Session Context String may be returned from the authentication process. Office for iOS will pass this string, in an HTTP header, in calls to the token endpoint URL (RFC 6749#section-3.2) and authenticated calls to the bootstrapper (GetNewAccessToken, Shortcut operations).
The Session Context String is optional, and for the use of the storage provider. A possible scenario would be to include a hint about a “tenant” so endpoints can know where they need to fetch and/or validate tokens.
The contents of the
sc=parameter must be URL encoded.
For example, to return the following information:
Redirection URI is https://localhost
Authorization code (RFC 6749#section-4.1.2) is “abcdefg”
Session Context String is “hello:World”
If present, the session context string will be included as an HTTP header when calls are made to the token exchange endpoint, and OAuth2 authenticated calls to the bootstrapper (GetNewAccessToken, Shortcut operations) as follows: