bdalpe / RADIUS-to-Okta-MFA

A utility to support Windows Remote Desktop Gateway MFA with Okta.
MIT License

No Biometric #138

Closed sandypatel1986 closed 1 month ago

sandypatel1986 commented 2 months ago

When a user receives a push on mobile and approves it, it does not ask for fingerprint/biometric even if the user has already enrolled in the Okta Verify app. Is this because this is just an API call? This does not happen for other accounts which are integrated with Okta. Any suggestions?

bdalpe commented 1 month ago

@sandypatel1986 I'm not sure I fully understand the issue as described.

For a normal application, the user's browser would follow the Authentication API when using the Okta sign-in widget. This API requires state management (a stateToken parameter must be sent with every request from a value in a cookie). Without a stateToken, the user is subject to primary authentication (username/password submission) which would be handled by your RADIUS server.

Due to the stateless nature of RADIUS/this app, we must use another API which does not require tracking an external state like a cookie. This app calls the User Factors API directly which doesn't require a stateToken to be sent.

I'm not an expert on the internals of how the Okta APIs work, but it sounds like there may be some differences in behavior between the API endpoints.
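The stateless flow described in the comment above, as an added example (not code from this repository): a push challenge is issued through the User Factors API verify endpoint and polled until it resolves, with the org API token as the only credential and no `stateToken`. The `send` transport, the scripted responses, the IDs, `example.okta.com` and the token placeholder are assumptions constructed for illustration.

```python
import time

ACCEPT, REJECT = "Access-Accept", "Access-Reject"


def push_decision(send, org_url, user_id, factor_id, api_token,
                  deadline_s=30.0, interval_s=1.0,
                  sleep=time.sleep, clock=time.monotonic):
    """Issue a push challenge and poll it; return a RADIUS decision.

    `send(method, url, headers)` is a hypothetical transport returning parsed
    JSON. The only credential is the API token: no cookie, no stateToken.
    """
    headers = {"Authorization": f"SSWS {api_token}", "Accept": "application/json"}
    url = f"{org_url}/api/v1/users/{user_id}/factors/{factor_id}/verify"
    start = clock()
    resp = send("POST", url, headers)
    # The challenge response carries the poll link for this transaction.
    poll = resp.get("_links", {}).get("poll", {}).get("href")
    while resp.get("factorResult") == "WAITING":
        if poll is None or clock() - start >= deadline_s:
            return REJECT  # fail closed before the RADIUS client gives up
        sleep(interval_s)
        resp = send("GET", poll, headers)
    # REJECTED, TIMEOUT or any unexpected value is treated as a reject.
    return ACCEPT if resp.get("factorResult") == "SUCCESS" else REJECT


def scripted_transport(results, log):
    """Constructed stand-in for Okta: replays factorResult values in order."""
    poll = "https://example.okta.com/api/v1/users/u1/factors/f1/transactions/t1"
    it = iter(results)

    def send(method, url, headers):
        log.append((method, url))
        return {"factorResult": next(it), "_links": {"poll": {"href": poll}}}
    return send


def run(results, deadline_s=30.0):
    """Run one constructed scenario with a fake clock (advanced by each sleep)."""
    log, now = [], [0.0]
    decision = push_decision(
        scripted_transport(results, log), "https://example.okta.com",
        "u1", "f1", "PLACEHOLDER_TOKEN", deadline_s=deadline_s,
        sleep=lambda s: now.__setitem__(0, now[0] + s), clock=lambda: now[0])
    return decision, log
```
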