Getting user profile with okta-auth-js

We have a react application and we’re trying use okta-auth-js for as much as possible. All of our users belong to an application using “Password + Email or SMS” Authentication policy, so authentication uses

oktaClient.idx.authenticate({ username, password })

on our username / password page, followed by

oktaClient.idx.authenticate({ verificationCode: code })

for multi-factor authentication.

After the username/password, but before the MFA, we might want to perform some operations based on the user’s profile. Is this possibly solely with okta-auth-js, or would we need to use the API functions in our backend? I’ve made some adjustments to claims, but those values only return after the MFA step, not before.


You would need to use one of the Okta Management SDKs or the API directly.

If you plan to do this from a public application with XHR calls (React), the Okta Management API endpoints will not set the needed CORS headers to allow you to use an API Token from a public application.

You can use an access_token with the okta.MyAccount.* scopes to manage a users profile, but this requires going through full authentication to get tokens.

Thank you