lewisdoesstuff
commented
1 year ago Not a solution, but I worked around this by catching the error returned by token.getWithoutPrompt, checking if it includes 'MFA', then calling token.getWithPrompt with { prompt: 'consent' }.
This doesn't display a prompt for anyone who doesn't require MFA, but shows it when factor validation is required.
jaredperreault-okta
Describe the bug
I'm running into issues trying to add MFA support to my custom sign-in form.
This works fine without MFA, using PKCE and
signInWithCredentials, then callingtoken.getWithoutPromptto fetch the tokens.However, once MFA is enabled on the app, this seems to behave differently to what the Authn API says.
Calling
signInWithCredentialsreturns a transaction with a status ofSUCCESS, instead of the expectedMFA_REQUIRED. Then, as we're not able to detect that MFA is required, the regular (successful) login handler is used, andtoken.getWithoutPromptthrows an error:The client specified not to prompt, but the client app requires re-authentication or MFA.This works fine if I call
signInWithRedirect, as the MFA prompt is handled by the Okta-hosted page, but I'd like to handle this in-app, without redirecting to another page to complete the MFA challenge.Reproduction Steps?
Can't share a repo, unfortunately, but to reproduce:
pkce: trueauthClient.signInWithCredentials(username, password)to get the transactionstatus: 'SUCCESS', as expected.token.getWithoutPromptreturnsThe client specified not to prompt, but the client app requires re-authentication or MFA.SDK Versions
System: OS: Windows 10 CPU: x64 11th Gen Intel(R) Core(TM) i9-11900H @ 2.50GHz Memory: 13.33 GB / 31.67 GB Binaries: Node: 16.18.0 - ~\Applications\node-v16.18.0-win-x64\node.EXE npm: 8.19.2 - ~\Applications\node-v16.18.0-win-x64\npm.CMD Browsers: Edge: 44.19041.1266.0 Internet Explorer: 11.0.19041.1566
It didn't return the
okta-auth-jspackage version, but it's"@okta/okta-auth-js": "^7.3.0"Additional Information?
No response