The APP gets called vom another Programm, that opens the browser with the specific url, calling the APEX-app and passing specials parameters. Those parameters determine if its a valid session. So my first thought was to simply setup a authorisation schema, that tests on just some flag.
However, when the APP gets no valid parameters, there should be a custom authentification scheme, that promts for username and password.
I am trying to use the Sentry-function of that custom authentification to determine, if the parameters passed via the url are valid. The problem is, as it seems, as long as there is no valid session, APEX doesnt store any values in the items, that is: only in page items on a public page, but they are no longer valid, when another page is called, and at that point the sentry-function is execute.
One simple solution would be to make the entire APP public and have an Authorisation Scheme running for each page, but still I think, a propper Authentification would be a better solution.
I have looked though a few how-to's and the documentation, but I have not found a good answer, maybe because this is a rather special task. So I hope you guys can give me some hints.