I’ve implemented a sign-in flow with MFA factors (call and SMS) in a front-end application using @okta/okta-react. After sign-in, the API responses provide methods for enrolling, activating, and verifying MFA factors. However, I can’t seem to figure out any way to implement the rememberDevice option, and the Okta Developer documentation is mostly silent about it, but I’m pretty sure this feature exists. The policy in the Okta responses even has relevant keys like “rememberDeviceByDefault” and “allowRememberDevice”.
Update: So far, the okta-react library appears to be missing a lot of functionality. I was able to get rememberDevice working, but I had to bypass the library and use an API client to send a POST request directly to my Okta API endpoint for verify. By doing that I was also able to add the rememberDevice=true query param.
The additional steps were:
I had to generate a deviceToken on my end, store it in localStorage, and include context: { deviceToken } in the sign-in options when I call oktaAuth.signIn. The same deviceToken needs to be used with every sign-in for the device to be remembered.
When POSTing to the verify endpoint, in addition to the query param mentioned above, I also had to pass the stateToken, which I got from the Okta response data after requesting a passcode.
So while I have a working solution, this is not a solution from okta-react, which still appears to lack a solution. Does anyone have any idea how to make this work directly from the okta-react library?
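The steps described in the post above, as an added example that is not part of the original post and is not okta-react or okta-auth-js code. The org URL, storage key and function names are assumptions; the verify path is the Okta Classic Authentication API factor-verify endpoint.

```javascript
// Added illustration. ORG_URL, STORAGE_KEY and all function names are hypothetical.
const ORG_URL = 'https://example.okta.com'; // placeholder org URL
const STORAGE_KEY = 'okta-device-token';    // hypothetical localStorage key

function defaultRandomBytes(n) {
  return globalThis.crypto.getRandomValues(new Uint8Array(n)); // CSPRNG, not Math.random
}

// Return the stored device token, creating it once. The same value must be
// sent on every sign-in for the device to be remembered. 16 bytes -> 32 hex chars.
function getOrCreateDeviceToken(storage, randomBytes = defaultRandomBytes) {
  let token = storage.getItem(STORAGE_KEY);
  if (!/^[0-9a-f]{32}$/.test(token || '')) { // missing or malformed: regenerate
    token = Array.from(randomBytes(16), (b) => b.toString(16).padStart(2, '0')).join('');
    storage.setItem(STORAGE_KEY, token);
  }
  return token;
}

// Options for oktaAuth.signIn, carrying the token in context.
function buildSignInOptions(username, password, storage) {
  return { username, password, context: { deviceToken: getOrCreateDeviceToken(storage) } };
}

// Direct POST to the verify endpoint: rememberDevice goes in the query string,
// stateToken and passCode go in the JSON body.
function buildVerifyRequest(factorId, stateToken, passCode, rememberDevice) {
  const url = new URL(`/api/v1/authn/factors/${encodeURIComponent(factorId)}/verify`, ORG_URL);
  if (rememberDevice) url.searchParams.set('rememberDevice', 'true');
  return {
    url: url.toString(),
    init: {
      method: 'POST',
      headers: { Accept: 'application/json', 'Content-Type': 'application/json' },
      body: JSON.stringify({ stateToken, passCode }),
    },
  };
}

// Constructed stand-in for window.localStorage so the code also runs outside a browser.
function memoryStorage() {
  const m = new Map();
  return { getItem: (k) => (m.has(k) ? m.get(k) : null), setItem: (k, v) => void m.set(k, String(v)) };
}

// Browser use: oktaAuth.signIn(buildSignInOptions(u, p, window.localStorage));
//              const r = buildVerifyRequest(id, stateToken, code, true); fetch(r.url, r.init);
```

Because the token sits in localStorage, any script running on the origin can read it, so it should be treated as a credential that lets a sign-in skip the MFA prompt for as long as the policy remembers the device.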
The okta-react library doesn’t directly perform authentication. It leverages the underlying okta-auth-js library to do that. From the description that you provided it looks like you are using the AuthN flow (Okta Classic). Are you using something like the below to set the deviceToken