Hello, I have a question wrt/ the way the SOAP AuthRequest works. I'm trying to validate a users ZM_AUTH_TOKEN cookie and it appears as if the way to do this via SOAP, is with an AuthRequest. In the SOAP docs for AuthRequest, it mentions:
"an authToken can be passed instead of account/password/preauth to validate an existing auth token."
However, the same authToken seems to validate with any User ID..
For example, if I log in as
user@zimbraserver.edu, and then issue the following AuthRequest with their cookie:
Code:
<AuthRequest xmlns="urn:zimbraAccount">
<account by="id">user@zimbraserver.edu</account>
<authToken>0_80d73a1141595a4daaef1af9853055c450....[long]...</authToken>
</AuthRequest>
I get the Response:
<AuthResponse xmlns="urn:zimbraAccount">
<authToken>0_80d73a1141595a4daaef1af9853055c450....[long]...</authToken>
<lifetime>172046740</lifetime>
<sessionId id="1577">1577</sessionId>
<skin>beach</skin>
</AuthResponse>
I appears to get a response as if it has set a session for
user@zimbraserver.edu instead of validating an existing session. If I issue subsequent requests with the same ZM_AUTH_TOKEN as different users, it returns a new session too.
So the question is: How do I do, as the docs say: validate an existing ZM_AUTH_TOKEN. And am I on the right track with using AuthRequest? Thank you for any help here!
Zimbra :: Bugzilla
Zimbra :: Wiki
SOAP AuthRequest Question 
Linear Mode
