Generate session token from state token

I am using MFA, so the initial call to the /authn endpoint gives me a state token and expiry time instead of a session token. Is there a way I can get the session token after the MFA authentication is successful? Any help would really be appreciated.

Hello,
Once an authentication flow is complete, the response will contain a sessionToken. If you are receiving responses with a stateToken then there are more steps required to complete the flow.

When you receive a stateToken instead of a sessionToken there should also be a status value that indicates what the next step is, such as

"status": "PASSWORD_EXPIRED",

Here are the steps that I have followed:

  • authentication to /auth endpoint (Receives state_token, ‘status’: ‘MFA_REQUIRED’, user_id and so on)
  • issue_user_factor_challenge using f"{url}/api/v1/users/{userid}/factors/{factorid}/verify" endpoint. The output contains (‘factorResult’: ‘WAITING’, ‘expiresAt’: ‘2022-06-10T01:27:39.000Z’, and so on). This will give a push notification to the device.
  • verify_factor_challenge using endpoint (f"{url}/api/v1/users/{userid}/factors/{factorid}/transactions/{transactionId}"). This step returns {“factorResult”:“SUCCESS”}.
    I am wondering what is the next step to generate the session token. What is the next step from here to get a session token?

What type of factor are you trying to use?

I am using Push Verification

You must also be validating your endpoints with python. Like Erik said, a stateToken is an incomplete step. If you have a stateToken you need to pass it into this endpoint: https://${yourOktaDomain}/api/v1/authn to validate it before obtaining a sessionToken.

More info here. Let me know if you are still having difficulty and I’ll share the script I put together for it.

I think I didn’t quite catch the solution. When I send a request to that endpoint, https://${yourOktaDomain}/api/v1/authn, I get a response similar to this one:

What do you recommend after following these steps?

  • authentication to /auth endpoint (Receives state_token, ‘status’: ‘MFA_REQUIRED’, user_id and so on)
  • issue_user_factor_challenge using f"{url}/api/v1/users/{userid}/factors/{factorid}/verify" endpoint. The output contains (‘factorResult’: ‘WAITING’, ‘expiresAt’: ‘2022-06-10T01:27:39.000Z’, and so on). This will give a push notification to the device.
  • verify_factor_challenge using endpoint (f"{url}/api/v1/users/{userid}/factors/{factorid}/transactions/{transactionId}"). This step returns {“factorResult”:“SUCCESS”}.
    I thought {“factorResult”:“SUCCESS”} means that authentication is successful.
    After that I tried again passing the “state token” to this endpoint you have mentioned.
    The response that I received contains again the same state token with ‘status’: ‘MFA_REQUIRED’,
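
Added example, not taken from any post in this thread: in Okta's Authentication API, the factor verification that belongs to the sign-in transaction is a POST to /api/v1/authn/factors/{factorId}/verify with the stateToken in the body, repeated as a poll until the status is SUCCESS and a sessionToken is returned. The `post` helper, `fake_okta`, and every token and factor value below are assumptions constructed so the flow runs offline.

```python
import time

class MfaError(Exception):
    """The authn transaction ended without a sessionToken."""

def session_token_via_push(post, base, username, password, interval=2.0, max_polls=30):
    """Return the sessionToken for one authn transaction verified by push.

    post(url, body) -> dict is a caller-supplied JSON POST helper (assumption).
    """
    txn = post(f"{base}/api/v1/authn", {"username": username, "password": password})
    if txn["status"] == "SUCCESS":  # no MFA required by policy
        return txn["sessionToken"]
    if txn["status"] != "MFA_REQUIRED":
        raise MfaError(f"unhandled status {txn['status']}")
    factors = txn["_embedded"]["factors"]
    push = next((f for f in factors if f["factorType"] == "push"), None)
    if push is None:
        raise MfaError("no push factor enrolled")
    # Verify inside the transaction: the body carries the stateToken, so this
    # call (repeated as a poll) is what moves the transaction to SUCCESS.
    url = f"{base}/api/v1/authn/factors/{push['id']}/verify"
    body = {"stateToken": txn["stateToken"]}
    for _ in range(max_polls):  # bounded so a lost push cannot poll forever
        txn = post(url, body)
        if txn["status"] == "SUCCESS":
            return txn["sessionToken"]  # treat as a secret; keep it out of logs
        if txn.get("factorResult") != "WAITING":
            raise MfaError(f"push not approved: {txn.get('factorResult')}")
        time.sleep(interval)
    raise MfaError("push not approved before polling limit")

def fake_okta(outcome="SUCCESS", waits=2):
    """Constructed offline stand-in for the HTTP layer (not real Okta output)."""
    calls = []
    def post(url, body):
        calls.append((url, body))
        if url.endswith("/api/v1/authn"):
            return {"status": "MFA_REQUIRED", "stateToken": "st-constructed", "_embedded":
                    {"factors": [{"id": "fac-constructed", "factorType": "push"}]}}
        if len(calls) - 1 <= waits:  # user has not answered the push yet
            return {"status": "MFA_CHALLENGE", "factorResult": "WAITING",
                    "stateToken": body["stateToken"]}
        if outcome == "SUCCESS":
            return {"status": "SUCCESS", "sessionToken": "sess-constructed"}
        return {"status": "MFA_CHALLENGE", "factorResult": outcome}
    post.calls = calls
    return post
```

Calling `session_token_via_push(fake_okta(), "https://example.invalid", "user", "pw", interval=0)` exercises the flow without network access; against a real org, `post` would wrap an HTTPS JSON POST.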