Open lewisdoesstuff opened 1 year ago
Not a solution, but I worked around this by catching the error returned by `token.getWithoutPrompt`, checking if it includes 'MFA', then calling `token.getWithPrompt` with `{ prompt: 'consent' }`.
This doesn't display a prompt for anyone who doesn't require MFA, but shows it when factor validation is required.
Thanks for the report, we will look into this
Internal Ref: OKTA-644786
Describe the bug
I'm running into issues trying to add MFA support to my custom sign-in form.
This works fine without MFA, using PKCE and `signInWithCredentials`, then calling `token.getWithoutPrompt` to fetch the tokens.

However, once MFA is enabled on the app, this seems to behave differently to what the Authn API says.
Calling `signInWithCredentials` returns a transaction with a status of `SUCCESS`, instead of the expected `MFA_REQUIRED`. Then, as we're not able to detect that MFA is required, the regular (successful) login handler is used, and `token.getWithoutPrompt` throws an error: `The client specified not to prompt, but the client app requires re-authentication or MFA.`

This works fine if I call `signInWithRedirect`, as the MFA prompt is handled by the Okta-hosted page, but I'd like to handle this in-app, without redirecting to another page to complete the MFA challenge.

Reproduction Steps?
Can't share a repo, unfortunately, but to reproduce:
`pkce: true`
`authClient.signInWithCredentials(username, password)` to get the transaction
`status: 'SUCCESS'`, as expected.
`token.getWithoutPrompt` returns `The client specified not to prompt, but the client app requires re-authentication or MFA.`
SDK Versions
```
System:
  OS: Windows 10
  CPU: x64 11th Gen Intel(R) Core(TM) i9-11900H @ 2.50GHz
  Memory: 13.33 GB / 31.67 GB
Binaries:
  Node: 16.18.0 - ~\Applications\node-v16.18.0-win-x64\node.EXE
  npm: 8.19.2 - ~\Applications\node-v16.18.0-win-x64\npm.CMD
Browsers:
  Edge: 44.19041.1266.0
  Internet Explorer: 11.0.19041.1566
```
It didn't return the `okta-auth-js` package version, but it's `"@okta/okta-auth-js": "^7.3.0"`
Additional Information?
No response
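
The flow from the report and the workaround from the comment, as an added example that is not part of the original thread or the SDK's own code: try `token.getWithoutPrompt`, and fall back to `token.getWithPrompt` with `{ prompt: 'consent' }` only when the error text mentions MFA. `needsMfaPrompt`, `fetchTokens` and `makeStubClient` are hypothetical names, the stub client and token values are constructed so the block runs offline, and reading the text from `err.errorSummary` or `err.message` is an assumption.

```javascript
// Error text quoted in the issue for token.getWithoutPrompt on an MFA-enabled app.
const MFA_ERROR =
  'The client specified not to prompt, but the client app requires re-authentication or MFA.';

// The check described in the workaround: does the error text mention MFA?
// Assumption: the text is carried on err.errorSummary or err.message.
function needsMfaPrompt(err) {
  const text = String((err && (err.errorSummary || err.message)) || '');
  return text.includes('MFA');
}

// transaction: the result of signInWithCredentials, which per the issue has
// status 'SUCCESS' even when the app requires MFA.
async function fetchTokens(authClient, transaction) {
  if (transaction.status !== 'SUCCESS') {
    throw new Error(`Unexpected transaction status: ${transaction.status}`);
  }
  try {
    const { tokens } = await authClient.token.getWithoutPrompt({
      sessionToken: transaction.sessionToken,
    });
    return { tokens, prompted: false };
  } catch (err) {
    // Only the MFA case falls back to a prompt; anything else is rethrown
    // so unrelated failures are not hidden behind a second login attempt.
    if (!needsMfaPrompt(err)) throw err;
    const { tokens } = await authClient.token.getWithPrompt({ prompt: 'consent' });
    return { tokens, prompted: true };
  }
}

// Constructed stand-in for the SDK client (hypothetical, for offline runs).
function makeStubClient({ mfaEnabled, failWith }) {
  const calls = [];
  return {
    calls,
    token: {
      async getWithoutPrompt(opts) {
        calls.push(['getWithoutPrompt', opts]);
        if (failWith) throw new Error(failWith);
        if (mfaEnabled) throw new Error(MFA_ERROR);
        return { tokens: { accessToken: 'constructed-token' } };
      },
      async getWithPrompt(opts) {
        calls.push(['getWithPrompt', opts]);
        return { tokens: { accessToken: 'constructed-token-after-mfa' } };
      },
    },
  };
}
```

Matching on the message text follows the thread's workaround and stops working if the wording changes.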