okta-react-native

Add support for `signInWithBrowser` to have `acr_values`/`acrValues` and other OIDC `/authorize` query parameters configurable when authenticating

Open grantaveryatgfs opened this issue 11 months ago • 1 comments

Describe the feature request?

The OpenID Connect (OIDC) spec outlines an optional acr_values query param that can be provided on /authorize API calls (see https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest and https://openid.net/specs/openid-connect-core-1_0.html#acrSemantics).

Okta's web APIs support this query param (see https://developer.okta.com/docs/guides/step-up-authentication/main/), as does the Okta Auth JS library that is embedded within this library (see https://github.com/okta/okta-auth-js?tab=readme-ov-file#authorize-options).

However, if I'm running in the React Native environment and want to use this library's signInWithBrowser function, which handles the browser login and /authorize call, there does not appear to be any option to specify the desired acr_values, among several other query params.

It would be great to have this functionality supported for React Native via this library, as it will allow companies like mine to build step-up authentication across our whole product ecosystem. Thanks!

Implementation details

I see two ways this could be implemented, not sure which makes more sense:

  1. Add a section within the Okta.ConfigParameters for acr_values. This makes sense because the issuer, scopes, and other /authorize query params are set here already.
  2. Add a section within the signInWithBrowser's Okta.BrowserOptions for /authorize query params, including acr_values.

New or Affected Resource(s)

N/A

Provide a documentation link

See above

Additional Information?

N/A

grantaveryatgfs, May 20 '25 14:05

I've put together a very barebones commit that implements both approaches in one, preferring the Okta.BrowserOptions side if present. I've tested it locally with my team's app as an NPM patch and it is working (at least on Android so far; EDIT: Also confirmed to work for iOS), resulting in the acr claim in the JWTs after authentication.

Please let me know what y'all think, and what would need to be done to productionize it. Thanks!

https://github.com/okta/okta-react-native/commit/b832b1a8dd6db9c455559b4c2e72cfeed4e48276

grantaveryatgfs, May 20 '25 20:05
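The precedence described in this thread (per-call browser options over the global config) and the step-up check the app still has to make, as an added example that is not code from the linked commit or from okta-react-native. Every function and field name is hypothetical, the `urn:example:acr:*` values and the token are constructed, and the ID token's signature is assumed to have been verified already. OIDC Core treats `acr_values` as a request for a voluntary claim, so the returned `acr` has to be checked before step-up is considered done.

```javascript
// Added example: hypothetical names, not the okta-react-native API.

// Build the /authorize query string. A per-call acrValues (approach 2)
// overrides the one set in the global config (approach 1).
function buildAuthorizeParams(config, browserOptions = {}) {
  const params = {
    client_id: config.clientId,
    redirect_uri: config.redirectUri,
    response_type: 'code',
    scope: config.scopes.join(' '),
  };
  const acr = browserOptions.acrValues ?? config.acrValues;
  if (acr) params.acr_values = acr; // space-separated, in order of preference
  return new URLSearchParams(params).toString();
}

// Decode the payload of a JWT whose signature has ALREADY been verified.
// Node's 'base64' decoder also accepts the URL-safe alphabet used by JWTs.
function decodeJwtPayload(jwt) {
  const parts = jwt.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWS');
  return JSON.parse(Buffer.from(parts[1], 'base64').toString('utf8'));
}

// acr_values is only a request: accept the session for the protected action
// only if the token's acr claim is one of the values that were asked for.
function acrSatisfied(claims, requestedAcrValues) {
  const accepted = requestedAcrValues.split(' ').filter(Boolean);
  return typeof claims.acr === 'string' && accepted.includes(claims.acr);
}

// Constructed sample data (not a real tenant, client or token).
const sampleConfig = {
  clientId: 'example-client',
  redirectUri: 'com.example.app:/callback',
  scopes: ['openid', 'profile'],
  acrValues: 'urn:example:acr:1fa',
};

function makeSampleJwt(claims) {
  const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${b64url({ alg: 'RS256' })}.${b64url(claims)}.constructed-signature`;
}
```

`Buffer` is a Node global; a React Native app would need a base64 polyfill or its SDK's own token decoding in its place.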