We are developing an iOS Swift application using OktaAuthSdk, OktaOidc, and OktaStorage for authentication.
Issue Summary:
• After login, we store AuthStateManager in OktaStorage.
• When the user reopens the app, they enter their PIN for quick login.
• Before allowing access to the app, we validate the token:
• If expired, we refresh it using renew().
• Before entering the app, we need to check the user’s status (e.g., ACTIVE, PASSWORD_EXPIRED, LOCKED_OUT).
Problem:
• There is no direct way to check the user’s account status before allowing access.
• getUser() does not return the status field.
• If the user’s password is expired or the account is locked, we are not getting an error when renewing the token.
Expected Behavior:
Before allowing the user into the app, we need a way to:
• Check if the user is active (ACTIVE, PASSWORD_EXPIRED, LOCKED_OUT).
• Prompt the user to reset their password if expired.
Actual Behavior:
• The app does not receive any status-related information when refreshing the token.
• If the user’s password is expired, the app still allows login with the renewed token instead of forcing a password reset.
Steps to Reproduce (iOS Swift):
- User logs in → AuthStateManager is stored in OktaStorage.
- User reopens the app and enters their PIN.
- Check token validity:
• If expired, call renew().
- Issue:
• No way to check the user’s status before allowing access to the app.
Code Example (iOS Swift):
private func checkUserStatus(authStateManager: OktaOidcStateManager) async -> String? {
    do {
        // fetchUserInfo wraps the SDK's getUser() call and returns its claims dictionary
        let userInfo = try await fetchUserInfo(authStateManager: authStateManager)
        return userInfo["status"] as? String // "status" is missing!
    } catch {
        print("Error fetching user info: \(error.localizedDescription)")
        return nil
    }
}
• status field is missing from getUser().
Question:
• What is the correct API call or method to check user status before allowing app access?
• How can we detect password expiration or account lockout before proceeding?
• Is there an alternative endpoint (e.g., /users/{id}) that we should call instead?
Okta SDK Versions (iOS Swift):
• OktaAuthSdk: (version)
• OktaOidc: (version)
• OktaStorage: (version)
Environment:
• Platform: iOS (Swift)
• iOS Version: (e.g., iOS 18)
• Device: (e.g., iPhone 16 Pro)
• Okta Tenant: (e.g., ciam-test.solventum.com)
Additional Notes:
• We need to check user status BEFORE entering the app, not just after login.
• If there is an API to fetch password expiration, account lock, or user status, please advise.
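Added example (not part of the original post or the Okta SDKs): a fail-closed gate that reads the user's `status` from the Okta Users API rather than from the OIDC userinfo claims. It assumes `GET /api/v1/users/me` on the org URL, an access token carrying the `okta.users.read.self` scope, and the status values documented for that API; the sample JSON is constructed, not captured from a tenant.

```swift
import Foundation

enum AccessDecision: Equatable {
    case allow
    case forcePasswordReset
    case deny(reason: String)
}

// Minimal shape of a Users API response; only the fields the gate needs.
struct OktaUser: Decodable {
    let id: String
    let status: String
}

/// Maps an Okta user status to a gating decision. Anything that is not
/// explicitly ACTIVE is refused, so a missing or unknown status can never
/// let a freshly renewed token bypass the check (fail closed).
func decide(fromUserJSON data: Data?) -> AccessDecision {
    guard let data = data,
          let user = try? JSONDecoder().decode(OktaUser.self, from: data) else {
        return .deny(reason: "status unavailable")
    }
    switch user.status {
    case "ACTIVE":           return .allow
    case "PASSWORD_EXPIRED": return .forcePasswordReset
    case "LOCKED_OUT", "SUSPENDED", "DEPROVISIONED", "RECOVERY", "STAGED", "PROVISIONED":
        return .deny(reason: user.status)
    default:                 return .deny(reason: "unknown status \(user.status)")
    }
}

/// Calls /api/v1/users/me with the user's own access token (assumption: the
/// token was issued by the org authorization server with okta.users.read.self).
/// Any transport or HTTP error is treated as "status unavailable" and denied.
func fetchAccessDecision(orgURL: URL, accessToken: String) async -> AccessDecision {
    var request = URLRequest(url: orgURL.appendingPathComponent("/api/v1/users/me"))
    request.setValue("Bearer \(accessToken)", forHTTPHeaderField: "Authorization")
    request.setValue("application/json", forHTTPHeaderField: "Accept")
    guard let (data, response) = try? await URLSession.shared.data(for: request),
          (response as? HTTPURLResponse)?.statusCode == 200 else {
        return .deny(reason: "status unavailable")
    }
    return decide(fromUserJSON: data)
}

// Constructed sample response used to exercise the decision logic offline.
let sampleUserJSON = """
{ "id": "00u_constructed_example", "status": "PASSWORD_EXPIRED",
  "profile": { "login": "user@example.com" } }
""".data(using: .utf8)
print(decide(fromUserJSON: sampleUserJSON))
print(decide(fromUserJSON: nil))
```

The decision step runs before the PIN screen hands control to the app, so a `.forcePasswordReset` result routes the user into the password-reset flow instead of the main screen.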