okta / okta-auth-js

The official js wrapper around Okta's auth API

For MFA, how to select the second SMS phone number? #1540

Open alex-sh-wu opened 2 months ago

alex-sh-wu commented 2 months ago

Describe the bug

I am using the IDX API of the Okta Auth JS library. I am following the steps in the On-Demand section from here: https://github.com/okta/okta-auth-js/blob/master/docs/idx.md#idxauthenticate

I am currently using this API with a user that has 1 email factor and 2 phone factors. When I log in with this user's credentials with authClient.idx.authenticate(), I am presented with a status PENDING with the following data in the nextStep attribute:

{
   inputs: [
      {
         name: "authenticator",
         options: [
            {label: "Email", value: "okta_email"},
            {label: "Phone", value: "phone_number"},
            {label: "Phone", value: "phone_number"},
         ]
      }
   ],
   name: "select-authenticator-authenticate"
}

When I proceed to the next step with

authClient.idx.authenticate({ authenticator: "phone_number", methodType: "sms" });

the SMS always gets sent to the user's first phone number, and even if I pass in other attributes like id or enrollmentId, I can't send the SMS to the second phone number instead. What should I be passing in so that the SMS can be sent to the second phone number instead of the first phone number?

Reproduction Steps?

// start the flow with a user that has one email enrolled and two phone numbers enrolled
const { 
  status, // IdxStatus.PENDING
  nextStep: { 
    inputs, // [{ name: 'authenticator', ... }]
  }
} = await authClient.idx.authenticate({ username: 'xxx',  password: 'xxx' });

// a list of authenticators is shown and the user selects "phone_number"
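// (renamed in the destructuring so the second const does not redeclare status/inputs)
const { 
  status: nextStatus, // IdxStatus.PENDING
  nextStep: { 
    inputs: nextInputs // [{ name: 'verificationCode', ... }]
  }
} = await authClient.idx.proceed({ authenticator: AuthenticatorKey.PHONE_NUMBER, methodType: "sms" });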
// user will receive SMS on the first phone number, but not the second
// passing in parameters like "id" or "enrollmentId" does not change the phone number selection

SDK Versions

7.8.0

Additional Information?

IDX Documentation: https://github.com/okta/okta-auth-js/blob/master/docs/idx.md#idxauthenticate
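The nextStep payload in the report lists two options with the same value, so the value sent back cannot identify which enrollment was chosen. The following is an added example, not part of the original issue and not okta-auth-js code: a hypothetical helper, `findAmbiguousOptions`, that flags such collisions in a nextStep object before an application renders the choice. It does not select the second phone number; the sample payload is constructed from the shape shown above.

```javascript
// Added example: detect selectable options that share the same submitted value.
// findAmbiguousOptions and sampleNextStep are hypothetical names, not SDK API.
function findAmbiguousOptions(nextStep) {
  const findings = [];
  for (const input of (nextStep && nextStep.inputs) || []) {
    if (!Array.isArray(input.options)) continue; // e.g. a verificationCode input
    // Group option positions by the value that would be sent back.
    const byValue = new Map();
    input.options.forEach((opt, index) => {
      const key = String(opt.value);
      if (!byValue.has(key)) byValue.set(key, []);
      byValue.get(key).push({ index, label: opt.label });
    });
    for (const [value, entries] of byValue) {
      if (entries.length > 1) {
        findings.push({
          input: input.name,
          value,
          count: entries.length,
          indexes: entries.map((e) => e.index),
        });
      }
    }
  }
  return findings;
}

// Constructed sample, mirroring the payload described in the issue.
const sampleNextStep = {
  name: "select-authenticator-authenticate",
  inputs: [
    {
      name: "authenticator",
      options: [
        { label: "Email", value: "okta_email" },
        { label: "Phone", value: "phone_number" },
        { label: "Phone", value: "phone_number" },
      ],
    },
  ],
};

for (const f of findAmbiguousOptions(sampleNextStep)) {
  console.log(
    `input "${f.input}": ${f.count} options share value "${f.value}" ` +
      `(positions ${f.indexes.join(", ")}); the choice is ambiguous`
  );
}
```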