okta-auth-swift

Add "deviceToken" parameter to authenticate() function - need it by 9/23/2019

Open efeluke opened this issue 5 years ago • 6 comments

In order to make "rememberDevice" work, the user needs to send deviceToken in the /authn API. Currently, OktaAPI.primaryAuthentication() supports the "deviceToken" parameter; however, the public function OktaAuthSdk.authenticate() does not. It should be added to enable the feature.

We plan to release the first version of our mobile app supporting Okta in 3 weeks; it would be great to have the fix by 9/23. Thanks.

Sample code:

class OktaAuthSdk:

```swift
public class func authenticate(with url: URL, username: String, password: String?, deviceToken: String? = nil, onStatusChange: @escaping (_ newStatus: OktaAuthStatus) -> Void, onError: @escaping (_ error: OktaError) -> Void) {

    let unauthenticatedStatus = OktaAuthStatusUnauthenticated(oktaDomain: url)
    unauthenticatedStatus.authenticate(username: username,
                                       password: password ?? "",
                                       deviceToken: deviceToken,
                                       onStatusChange: onStatusChange,
                                       onError: onError)
}
```

class OktaAuthStatusUnauthenticated:

```swift
open func authenticate(username: String, password: String, deviceToken: String?, onStatusChange: @escaping (_ newStatus: OktaAuthStatus) -> Void, onError: @escaping (_ error: OktaError) -> Void) {

    restApi.primaryAuthentication(username: username,
                                  password: password,
                                  deviceToken: deviceToken,
                                  deviceFingerprint: nil)
    { result in
        self.handleServerResponse(result,
                                  onStatusChanged: onStatusChange,
                                  onError: onError)
    }
}
```

efeluke Sep 19 '19 16:09

Hi @efeluke,

Thank you for creating this ticket. I will add the required functionality early next week. I will keep you posted!

Ildar

IldarAbdullin-okta Sep 19 '19 20:09

Hi @efeluke,

According to the documentation: Specifying your own deviceToken is a highly privileged operation limited to trusted web applications and requires making authentication requests with a valid API token. If an API token is not provided, the deviceToken will be ignored. https://developer.okta.com/docs/reference/api/authn/#primary-authentication-with-trusted-application

A mobile application is an untrusted application and can't use deviceToken. So it is by design that there is no public API for that.

Ildar

IldarAbdullin-okta Sep 20 '19 16:09

Why is a mobile application considered untrusted? Why does the Okta SDK for Android provide that functionality?

efeluke Sep 20 '19 18:09

Mobile applications are untrusted because they can't use an admin API token for security reasons. Regarding the Android SDK, it is built on top of the Java SDK, and the Java SDK is mostly used for server applications; that is why deviceToken is available for Android. We have to fix that part in the Android SDK.

IldarAbdullin-okta Sep 20 '19 18:09

Hi @IldarAbdullin-okta, we're using deviceToken from the iOS/Android SDKs and they don't need an API token. I found this issue https://github.com/okta/okta-developer-docs/issues/782 about wrong documentation; could you confirm whether we are doing this the correct way?

eberttc Sep 30 '20 03:09

Hi @eberttc,

I'm going to re-open this ticket and bring this to the team for discussion. There could be a chance that the server just ignores deviceToken if an API token is not provided. I need some assistance from the server folks.

Ildar

IldarAbdullin-okta Oct 08 '20 00:10