We're looking to store some values in the session database associated with a user's access token. In our version of MAG/OTK we see two options, OTK Client Session - * and OTK Session - *. What, if any, is the difference between the two assertions?
The wiki below could help.
Sessionstore API - CA API Management OAuth Toolkit - 3.2 - CA Technologies Documentation
I think the sessionstore API uses the OTK Session
The assertion "OTK Client Session" (which is not available in newer OTK releases) is only used by the test clients that may be installed. For processing OAuth requests OTK uses "OTK Session - *".
If you want to track additional data related to an access_token use "OTK Session - *". (when retrieving data do not forget to URLDecode the content!)
The API /oauth/session/* is NOT used by default. Only if the variable "OTK-<Version>/Policy Fragments/configuration/OTK Storage Confguration - host_oauth_session_server" is configured to point to something else than "localhost".
Retrieving data ...