Easily get user's last login time in authorization code flow

Does anyone know an easy way to get the user’s last login time in an API based Auth code flow with Okta?

I use the Authorization API to get a session token, then bounce the user through Okta to get an authorization code redirect. I’d like to display “you last logged in at” on my website. Is there a way to get it from the authorization API when I make a token, or have it embedded in the Access Token to save on any extra API calls to Okta? I definitely don’t want to be querying the system log on every user login.

Thanks,

HC

Your options depend on which timestamp you want: when the token was issued or when the user originally logged into Okta.

Within the tokens issued, you should see an ‘iat’ value. Represented as a Unix (epoch) timestamp, this will tell you when a token was issued.

If you’re using a custom authorization server (like the one called ‘default’) you could look to use a token inline hook to have this timestamp included in the token. Per our docs, we include an eventTime value in the request we send to your endpoint when a token is requested (either via the authorize endpoint or the token endpoint, depending on the OAuth flow). This easily has the most overhead, when similar information will already be included in the token as the ‘iat,’ but could prove useful if there is other information about their authentication you want included in the token directly.

If you want to know when the user last completed primary authentication, you can find out when they started their Okta session by making a CORS request to /api/v1/sessions/me. There you can get the createdAt (when their session started) and lastPasswordVerification or lastFactorVerification (the last time they were prompted to authenticate or verify an MFA factor).

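The two timestamps described in the answer above, as an added example that is not part of the original thread and is not Okta's own code: it reads `iat` from a token and picks the session times out of a `/api/v1/sessions/me` response. The function names, the `oktaOrgUrl` parameter, the sample values, and the assumption that the session fields arrive as ISO 8601 strings are assumptions of this example.

```javascript
// Added example; the sample token and session values are constructed.

// Decode a JWT payload WITHOUT verifying its signature. Fine for a display
// string; never base access decisions on claims read this way.
function decodeJwtPayload(jwt) {
  const parts = jwt.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  const bin = atob(b64 + '='.repeat((4 - (b64.length % 4)) % 4));
  const bytes = Uint8Array.from(bin, (c) => c.charCodeAt(0));
  return JSON.parse(new TextDecoder().decode(bytes));
}

// 'iat' is seconds since the Unix epoch; JavaScript Dates use milliseconds.
function issuedAt(jwt) {
  const { iat } = decodeJwtPayload(jwt);
  if (!Number.isFinite(iat)) throw new Error('token has no numeric iat');
  return new Date(iat * 1000);
}

// From a /api/v1/sessions/me response body: when the session started and the
// most recent password or factor verification (null if neither is present).
function lastAuthentication(session) {
  const times = [session.lastPasswordVerification, session.lastFactorVerification]
    .filter(Boolean)
    .map((t) => new Date(t))
    .filter((d) => !Number.isNaN(d.getTime()));
  const lastVerified = times.length
    ? new Date(Math.max(...times.map((d) => d.getTime())))
    : null;
  return { sessionStarted: new Date(session.createdAt), lastVerified };
}

// Browser-side call; credentials:'include' sends the Okta session cookie, and
// the page's origin must be allowed for CORS in the Okta org.
async function fetchSession(oktaOrgUrl) {
  const res = await fetch(`${oktaOrgUrl}/api/v1/sessions/me`, { credentials: 'include' });
  // null when the request fails or there is no active session
  return res.ok ? lastAuthentication(await res.json()) : null;
}

// Constructed unsigned token, used only to exercise issuedAt().
function sampleToken() {
  const enc = (o) => btoa(JSON.stringify(o)).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'none' })}.${enc({ sub: 'user@example.com', iat: 1700000000 })}.sig`;
}
```

Note that `iat` and the session fields describe the current token and session, so showing a previous login means recording the value on your side at each sign-in and displaying the stored one next time.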