How Per Device Remember me API works

I have set up a sign on policy with a rule to prompt for factor, and have Per Device selected, and Remember Device By Default checked.

I see the response coming back after logging in

"policy": {
  "allowRememberDevice": true,
  "rememberDeviceLifetimeInMinutes": 0,
  "rememberDeviceByDefault": true,
  "factorsPolicyInfo": {}
}

But how do I utilize this feature, so that the MFA question is not required when logging in from the same device?
I do not see anything on the object to post back when I verify the question answer?

Thank you.

I see now that I must pass the devicetoken during the authentication process like below…
{
  "username": "someuser",
  "password": "********",
  "Context": {
    "deviceToken": "LcXgMJAvofqXc+njrIIzf6Kc4TIs6wmo"
  }
}

and then add /verify?rememberDevice=true to the MFA authentication URL, but I still am getting MFA_REQUIRED when logging back in again passing the same devicetoken.

I also have the Per Device selected in my Sign On policy Rule.

Am I missing a step?

context should be lower case

Authenticate with device token

{{url}}/api/v1/authn

{
  "username": "{{username}}",
  "password": "{{password}}",
  "options": {
    "multiOptionalFactorEnroll": false,
    "warnBeforePasswordExpired": true
  },
  "context": {
    "deviceToken": "26q43Ak9Eh04p7H6Nnx0m69JqYOrfVBY"
  }
}

Then you need to verify: {{url}}/api/v1/authn/factors/{{factorId}}/verify?rememberDevice=true

{
  "stateToken": "{{stateToken}}",
  "passCode": "389340"
}

Next time you log in with the same device token, you should get a session token and not "MFA_REQUIRED". If you are implementing this with your own application, you need to create a cookie with the device ID. It has to be a secure cookie.
Okta drops a device cookie “DT” in the browser. If you clear your cache, then you will be asked again. You need to implement this flow in the login process to validate DT every time the user logs in.
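
The flow described in this thread, as an added example that is not part of the original posts or Okta's own code: it generates a 32-character device token (the same length as the tokens shown above), builds a secure cookie to hold it, builds the authentication body with the lower-case `context` key, and flags the mis-cased `Context` key from the earlier post. The cookie name `app_dt`, the function names, the `SameSite=Lax` setting and the one-year lifetime are assumptions made for the example.

```python
import json
import secrets
from http.cookies import SimpleCookie
from urllib.parse import quote, urlencode

COOKIE_NAME = "app_dt"  # hypothetical name for your own app's device cookie


def new_device_token() -> str:
    """Random per-device ID: 24 random bytes -> 32 URL-safe characters."""
    return secrets.token_urlsafe(24)


def device_cookie_header(token: str, max_age_days: int = 365) -> str:
    """Set-Cookie value: HTTPS only, hidden from page scripts, same-site."""
    jar = SimpleCookie()
    jar[COOKIE_NAME] = token
    morsel = jar[COOKIE_NAME]
    morsel["secure"] = True
    morsel["httponly"] = True
    morsel["samesite"] = "Lax"  # assumed policy for this example
    morsel["path"] = "/"
    morsel["max-age"] = max_age_days * 86400  # assumed lifetime
    return morsel.OutputString()


def authn_body(username: str, password: str, device_token: str) -> str:
    """Primary authentication body; note the lower-case "context" key."""
    return json.dumps({"username": username, "password": password,
                       "context": {"deviceToken": device_token}})


def authn_body_problems(raw: str) -> list:
    """List mistakes that stop the device token from being recognised."""
    body = json.loads(raw)
    problems = [f'rename "{key}" to "context"' for key in body
                if key != "context" and key.lower() == "context"]
    if not body.get("context", {}).get("deviceToken"):
        problems.append("context.deviceToken is missing")
    return problems


def verify_url(base_url: str, factor_id: str) -> str:
    """Factor verification URL that asks Okta to remember this device."""
    query = urlencode({"rememberDevice": "true"})
    return f"{base_url}/api/v1/authn/factors/{quote(factor_id, safe='')}/verify?{query}"
```

Issue the cookie once per browser, read it back on every login, and pass its value as `context.deviceToken`; a new token on each login defeats the remember-device rule.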
