I am currently working on integrating Okta authentication into our company application. After reviewing the dynamic app example provided in the Okta IDX Android GitHub repository, I noticed that it displays its own login screens for user authentication.
However, I would like to retain our existing login screen and implement Okta authentication in the background. My goal is to allow users to enter their username and password on our custom UI while still leveraging Okta’s authentication services.
Could you please provide guidance on how to achieve this? Specifically, I’m looking for insights on:
How to bypass the default login screens provided by the Okta SDK.
How to programmatically authenticate users using Okta with the credentials collected from our custom login screen.
Thank you for your assistance, and I look forward to your response.
Hmm. First, the way that mobile (and native desktop) apps work is to use an embedded browser to send the user to the authorization server at Okta. It’s Okta that is painting the page, just as it does for a regular web app or a single-page application. When the user successfully authenticates, Okta redirects the browser to a callback URL. In native applications, the callback URL triggers the application receiving the callback. The callback is not the identity information, it is a code. The application then turns around and calls the Okta authorization server again and exchanges the token for the identity. This keeps the identity information from passing through the browser, a security risk. This is the Open Authentication “Authorization Code Flow with Proof Key for Code Exchange”.
One of the whole points of doing this is to keep the user’s credentials OUT of the application, where it could be a security risk if the application can see them.
We used to do what you are asking for with the OAuth “Password Flow”, where the application presented the user credentials. But for the reasons I described, that has been removed from the new OAuth standard.
You may still be able to accomplish this with IDX. This is a proprietary authentication flow that Okta uses. Look for it in the SDK documentation, it should point you to the IDX documentation for that flow. I will warn you though that it is not going to be easy, and you will probably have problems with MFA.
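The Authorization Code Flow with PKCE described in the answer above, as an added example that is not part of the original thread and is not Okta SDK code: the native app generates a `code_verifier`, sends only the S256 `code_challenge` to `/authorize`, receives a one-time code on its redirect URI, and redeems that code at `/token` by presenting the verifier. The issuer URL, client ID and redirect URI are placeholders, and `ToyAuthorizationServer` is a constructed stand-in for the server side that shows what the real server checks (the user login page itself is skipped).

```python
import base64
import hashlib
import secrets
from urllib.parse import urlencode

# Placeholder issuer, client and redirect URI, purely for illustration (not real values).
ISSUER = "https://example.okta.com/oauth2/default"
CLIENT_ID = "native-client-id"
REDIRECT_URI = "com.example.app:/callback"


def make_code_verifier(nbytes: int = 32) -> str:
    """RFC 7636 code_verifier: 43..128 unreserved chars.
    32 random bytes base64url-encoded without '=' padding is exactly 43 chars."""
    raw = base64.urlsafe_b64encode(secrets.token_bytes(nbytes))
    return raw.rstrip(b"=").decode("ascii")


def make_code_challenge(verifier: str) -> str:
    """S256 transform: BASE64URL(SHA256(ASCII(code_verifier))) without padding."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def build_authorize_url(challenge: str, state: str) -> str:
    """The URL the embedded browser is sent to. Note that only the challenge leaves the app."""
    params = {
        "client_id": CLIENT_ID,
        "response_type": "code",
        "scope": "openid profile",
        "redirect_uri": REDIRECT_URI,
        "state": state,
        "code_challenge": challenge,
        "code_challenge_method": "S256",
    }
    return f"{ISSUER}/v1/authorize?{urlencode(params)}"


class ToyAuthorizationServer:
    """Constructed stand-in for the /authorize and /token endpoints (assumption, not Okta)."""

    def __init__(self) -> None:
        self._pending: dict[str, tuple[str, str]] = {}  # code -> (challenge, redirect_uri)

    def authorize(self, challenge: str, redirect_uri: str) -> str:
        # After the user signs in on the server's own page, the server mints a one-time
        # code and remembers which challenge and redirect URI it was issued against.
        code = secrets.token_urlsafe(24)
        self._pending[code] = (challenge, redirect_uri)
        return code

    def token(self, code: str, verifier: str, redirect_uri: str) -> dict:
        # pop() makes the code single-use; a replayed code fails with invalid_grant.
        entry = self._pending.pop(code, None)
        if entry is None:
            return {"error": "invalid_grant"}
        challenge, stored_redirect = entry
        if redirect_uri != stored_redirect:
            return {"error": "invalid_grant"}
        # Recompute S256(verifier) and compare in constant time with the stored challenge.
        if not secrets.compare_digest(make_code_challenge(verifier), challenge):
            return {"error": "invalid_grant"}
        return {"access_token": "opaque-access-token",
                "id_token": "opaque-id-token",
                "token_type": "Bearer"}


def run_flow(server: ToyAuthorizationServer, intercepted: bool = False) -> dict:
    """Client side of one exchange. With intercepted=True, someone who captured the
    redirect (and so the code) but not the in-app verifier tries to redeem it."""
    verifier = make_code_verifier()
    challenge = make_code_challenge(verifier)
    state = secrets.token_urlsafe(16)
    build_authorize_url(challenge, state)  # what the embedded browser would open
    code = server.authorize(challenge, REDIRECT_URI)  # delivered via the redirect URI
    presented = make_code_verifier() if intercepted else verifier
    return server.token(code, presented, REDIRECT_URI)


if __name__ == "__main__":
    srv = ToyAuthorizationServer()
    print(run_flow(srv))                    # tokens issued
    print(run_flow(srv, intercepted=True))  # invalid_grant
```

The `intercepted=True` path is why the answer stresses keeping credentials out of the app: the code that crosses the browser boundary is useless without the verifier that never left the process, and neither the password nor the tokens ever pass through the app's own login screen.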