I have a web application with a working integration with okta.
I was using ‘One factor access’ as authentication policy for my app, and in the cath-all Rule I can see:
1 factor tipe: Email or Google Authenticator or Password
I added Okta Verify authenticator, and the ‘One factor access’ policy, has been updated in the cath-all rule with this:
1 factor tipe: Email or Google Authenticator or Okta Verify or Password
This is what I expect, because I want to use any of this authenticators. I understand, if I want use new Okta Verify authenticator, I need to make changes on my integration to support it. But as rule mantains the previous authenticators with an OR, I expect that without any changes, I can still using my app with this others authenticators.
The result is that since I add Okta Verify to authenticators, my integration don’t work.
If I change my aplication’s policy to another one that for example only uses password it works ok again.
Since I add Okta Verify to authenticators, I can’t configure a policy that uses ‘One factor’ with multiple authenticators, but without okta verify. And with okta verify autheticator my integration don’t work
I am ussing okta-idx-java-api-3.0.4.jar
Debugging I saw the runtime difference between both configurations:
On AuthenticationTransaction.java, on createProceedContext() function, when arrives to line 138, the boolean isIdentifyInOneStep returns false since I add Okta verify. Without okta verify it returns true.
If I have been configurated the policy with OR authenticators
Why is happening this?