ibm-mobilefirstworklight-security

Worklight adapter end session


I'm using adapter-based authentication. The client obtains some credentials, the adapter validates those against an enterprise service, and the result is I'm now in my enterpriseRealm.

Later, my HTTP adapters, protected by that realm, go fetch some data from other enterprise services, providing some credentials obtained when the original authentication occurred.

One possible outcome is that the enterprise service may now detect that the user's session is no longer valid - one possible scenario is that the user has had their privileges revoked - and hence my HTTP adapter now "knows" that the user no longer should be treated as authenticated in the enterpriseRealm; future calls to the HTTP adapters should require reauthentication.

I was looking for some way on the server side to "logout" or otherwise notify Worklight that the session is invalid. Best I can see so far is to send a particular error response back to the client and have client code call WL.Client.logout(). I'm slightly uneasy about this as it requires that all clients of my HTTP adapter methods correctly handle this error condition. Is there any better alternative?


Solution

  • Similarly to the way you set the active user after successful authentication, you can use the WL.Server.setActiveUser("your-realm", null) API. This will destroy the userIdentity stored on the WL server. Once you do that, the next incoming requests will get an authentication challenge.
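
A sketch of the server-side logout the answer describes, written as an added example rather than code from the original question or answer. It assumes the backend signals a revoked session with HTTP 401 or 403; the procedure name `getAccountData`, the `/accounts` path, the `backendToken` attribute and the `WL` stub (which stands in for the Worklight runtime so the block runs offline) are all hypothetical.

```javascript
// --- Constructed stub of the Worklight server API (delete in a real adapter,
// --- where the runtime provides WL.Server). Sample identity is constructed.
var backendStatus = 200; // status the fake enterprise service returns
var sessions = {
  enterpriseRealm: { userId: "alice", attributes: { backendToken: "constructed-token" } }
};
var WL = { Server: {
  getActiveUser: function (realm) { return sessions[realm] || null; },
  setActiveUser: function (realm, identity) { sessions[realm] = identity; },
  invokeHttp: function (input) {
    return { statusCode: backendStatus, isSuccessful: backendStatus === 200 };
  }
} };

// --- Adapter code -----------------------------------------------------------
var REALM = "enterpriseRealm";

// Assumption: the enterprise service answers 401/403 once the session or the
// user's privileges have been revoked.
function backendRejectedSession(response) {
  return response.statusCode === 401 || response.statusCode === 403;
}

// Procedure protected by enterpriseRealm (hypothetical name and path).
function getAccountData() {
  var user = WL.Server.getActiveUser(REALM);
  if (!user) {
    return { isSuccessful: false, authRequired: true };
  }
  var response = WL.Server.invokeHttp({
    method: "get",
    path: "/accounts",
    headers: { Authorization: "Bearer " + user.attributes.backendToken },
    returnedContentType: "json"
  });
  if (backendRejectedSession(response)) {
    // Drop the stored identity on the server. The realm is no longer
    // authenticated, so the next request is challenged no matter how the
    // client treats this particular response.
    WL.Server.setActiveUser(REALM, null);
    return { isSuccessful: false, authRequired: true };
  }
  return response;
}
```

Because the identity is cleared on the server, enforcement does not depend on every client calling WL.Client.logout() when it sees the error.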