Detect a locked account using okta-react-native SDK

Hi all,

I’m using the custom sign in method within a React Native app. After too many failed login attempts (believe 10 is the magic number), I would like to get the transaction status back to confirm a status of “LOCKED_OUT”.

Given how the signIn method is implemented, I’m unsure how to go about ‘catching’ the status once the signIn method throws the error, "Transaction status other than “SUCCESS” has been return, please handle it properly by calling “authClient.tx.resume()”".

The authClient.tx.resume() call then throws “No transaction to resume”.

Guess my question is, using the okta-react-native SDK, how can I detect a locked account?

Thanks.

Do you see the LOCKED_OUT status returned if you use the /authn endpoint with Postman/curl? If not, you will need to configure your Password policy in Okta to “Show lock out failures.”

@andrea Thanks for the response

I believe my password policy is configured correctly.

The response from the react-native SDK for a status other than SUCCESS is literally:

Transaction status other than “SUCCESS” has been return, please handle it properly by calling “authClient.tx.resume()”

node_modules/@okta/okta-react-native/index.js (line 94-96)

if (status !== 'SUCCESS') {
  throw new Error('Transaction status other than "SUCCESS" has been return, please handle it properly by calling "authClient.tx.resume()"');
}

Given the password policy seems to be configured correctly, any other suggestions?

Thanks

Ah, you’re right, it does look like the React-Native SDK’s signIn method is able to handle other transaction states, but it only suggests tx.resume as the means to handle them.

When I tested, I found that tx.exists() resolved to false for users that were LOCKED_OUT, so I’m guessing that, because LOCKED_OUT has no possible future transaction state, there is no way to resume it.

You probably want to file a GitHub Issue for the React-Native SDK, as the signIn method ideally would provide some sort of way to handle or return the status to you so you can handle it. Short of that, you could look into directly using the Auth JS library’s signInWithCredentials method (since this is where React-Native is getting signIn) so that you can catch the LOCKED_OUT status and decide how to redirect or warn those users.
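
The workaround suggested in the reply above, sketched as an added example (not code from the thread or from the Okta SDK): call signInWithCredentials on an Auth JS client yourself and branch on the transaction status instead of letting the React Native wrapper throw. The function names, the outcome labels and the stub client are assumptions made for illustration; E0000004 is Okta's generic "Authentication failed" error code.

```javascript
// Added example. `authClient` is assumed to be an Auth JS client that
// exposes signInWithCredentials(), as named in the reply above.

// Okta's generic "Authentication failed" error code.
const AUTH_FAILED = 'E0000004';

// Map a resolved /authn transaction to an outcome the UI can act on.
function classifyTransaction(tx) {
  switch (tx && tx.status) {
    case 'SUCCESS':
      return { outcome: 'SUCCESS', sessionToken: tx.sessionToken };
    case 'LOCKED_OUT':
      // Only returned when the password policy shows lockout failures.
      return { outcome: 'LOCKED_OUT' };
    default:
      // Other states (e.g. MFA_REQUIRED) need their own handling.
      return { outcome: 'UNHANDLED', status: tx ? tx.status : undefined };
  }
}

// Map a rejected sign-in to an outcome.
function classifyError(err) {
  if (err && err.errorCode === AUTH_FAILED) {
    // Wrong password, unknown user, or a locked account whose policy
    // hides lockout failures: the API does not distinguish these.
    return { outcome: 'INVALID_CREDENTIALS' };
  }
  return { outcome: 'ERROR', message: err ? err.message : undefined };
}

// Sign in and return a classified outcome instead of throwing.
async function signInAndClassify(authClient, username, password) {
  try {
    const tx = await authClient.signInWithCredentials({ username, password });
    return classifyTransaction(tx);
  } catch (err) {
    return classifyError(err);
  }
}

// Constructed stub standing in for a real client, so this runs offline.
const lockedStub = {
  signInWithCredentials: async () => ({ status: 'LOCKED_OUT' }),
};
signInAndClassify(lockedStub, 'user@example.com', 'not-a-real-password')
  .then((result) => console.log(result.outcome));
```

If the app only ever sees INVALID_CREDENTIALS for an account known to be locked, the password policy is hiding lockout failures, which is the setting the first reply asks about.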
