how to setup devicetoken using okta js sdk
We are currently sending the X-Device-Fingerprint header to the /authn request, as described in the okta-auth-js docs for signInWithCredentials():
However, the link to the Okta docs from that section says:
Note: The use of the X-Device-Fingerprint header for new device security behavior detection is deprecated. Starting April 12 2021, we are going to enable improvements to the new device security behavior for all the existing tenants. After the improvements are rolled out, new device security behavior only relies on the deviceToken in the Context Object and doesn't rely on the X-Device-Fingerprint header. The new or unknown device email notification feature continues to rely on the X-Device-Fingerprint header.
AND
Note: The X-Device-Fingerprint header is different from the device token. Device-based MFA in the Okta Sign-On policy rules depends on the device token only and not on the X-Device-Fingerprint header. To read more about the device token, see Context Object. Device-based MFA would work only if you pass the device token in the client request context.
We have also tried using the Context Object in the signInWithCredentials method from okta-auth-js as such:
authClient.signInWithCredentials({
username,
password,
context: JSON.stringify({ deviceToken: "test" })
});
But we get back a 400 error “The request body was not well-formed." (We stringify the context object in our request because context is typed as string in okta-auth-js).