IBM Security Identity and Access: Developer PortalSearchSite map
Home / IBM Security Verify Adaptive Access / Native Applications / Developing Native Web Applications / 7. Performing Recollection

Performing Recollection

After a certain duration, it is necessary to perform recollection on the user-agent. This involves re-invoking the Browser SDK to be issued a new sessionID.

Recollection is only required when the following error is returned from the /token API:

{
    "error":"adaptive_more_info_required",
    "error_description":"CSIAQ0298E Adaptive access assessment unavailable. Session collection was not completed or interrupted."
}

When this error is returned from a Proxy SDK invocation, the current request state should be captured, and the user-agent redirected to a recollection page.

Handle the error from the proxy SDK with this snippet:

app.post("/refresh", (req, res) => {

    var context = {
        sessionId : req.session.sessionId, // The session ID saved during evaluate
        userAgent : req.headers['user-agent'], // The user-agent collected from headers
        ipAddress : req.ip // The IP address of the connection.
    };


    adaptive.refresh(context, req.session.token.refresh_token)
        .then((result) => {
            // Refresh token handling
        }).catch(error => {
            // Check for the more-info-required error key
            if(error.error == "adaptive_more_info_required")
            // Store current state, redirect to recollection page
            res.redirect("/collect");
            return;
        });
});

The recollection page should perform collection, and post the sessionId to an endpoint which is able to resume the authentication flow being followed.

An example recollection page could be:

<html>
<head>
    <script src='static/adaptive-v1.min.js'></script>
    <script>
        startAdaptiveV1('<snippet host>', '<snippet ID>');
        function collect() {
            getSessionId().then(sessionID => {
                const form = document.createElement('form');
                form.method = 'POST';
                form.action = '/collect';

                const sessionIDField = document.createElement('input');
                sessionIDField.type = 'hidden';
                sessionIDField.name = 'sessionId';
                sessionIDField.value = sessionID;
                form.appendChild(sessionIDField);
                document.body.appendChild(form);
                form.submit();
            });
        }
    </script>
    <title>Please wait...</title>
</head>
<body onload='collect()'>
    <h1>Please wait...</h1>
</body>
</html>

Save this a collect.html and add the GET and POST endpoints for /collect:

app.get("/collect", (_, res) => {
    res.sendFile(__dirname + '/collect.html');

});
app.post("/collect", (req, res) => {

    var context = {
        sessionId : req.body.sessionId, // The session ID saved during evaluate
        userAgent : req.headers['user-agent'], // The user-agent collected from headers
        ipAddress : req.ip // The IP address of the connection.
    };

    adaptive.refresh(context, refreshToken)
        .then((result) => {
            // Re-attempt refresh.
    });
});

Next: Implementing Persistence

Previous: Using Refresh Tokens