Need to Retrieve User Status Before Entering App After Token Validation (iOS Swift)

We are developing an iOS Swift application using OktaAuthSdk, OktaOidc, and OktaStorage for authentication.

Issue Summary:

• After login, we store AuthStateManager in OktaStorage.

• When the user reopens the app, they enter their PIN for quick login.

• Before allowing access to the app, we validate the token:

• If expired, we refresh it using renew().

Before entering the app, we need to check the user’s status (e.g., ACTIVE, PASSWORD_EXPIRED, LOCKED_OUT).

Problem:

• There is no direct way to check the user’s account status before allowing access.

• getUser() does not return the status field.

• If the user’s password is expired or the account is locked, we are not getting an error when renewing the token.

Expected Behavior:

Before allowing the user into the app, we need a way to:

Check if the user is active (ACTIVE, PASSWORD_EXPIRED, LOCKED_OUT).

• Prompt the user to reset their password if expired.

Actual Behavior:

• The app does not receive any status-related information when refreshing the token.

• If the user’s password is expired, the app still allows login with the renewed token instead of forcing a password reset.

Steps to Reproduce (iOS Swift):

  1. User logs in → AuthStateManager is stored in OktaStorage.

  2. User reopens the app and enters their PIN.

  3. Check token validity :

• If expired, call renew().

  1. Issue:

• No way to check the user’s status before allowing access to the app.

Code Example (iOS Swift):
private func checkUserStatus(authStateManager: OktaOidcStateManager) async → String? {
do {
let userInfo = try await fetchUserInfo(authStateManager: authStateManager)
return userInfo[“status”] as? String // :red_circle: “status” is missing!
} catch {
print(“:cross_mark: Error fetching user info: (error.localizedDescription)”)
return nil
}
}

• status field is missing from getUser().

Question:

• What is the correct API call or method to check user status before allowing app access ?

• How can we detect password expiration or account lockout before proceeding?

• Is there an alternative endpoint (e.g., /users/{id}) that we should call instead?

Okta SDK Versions (iOS Swift):

OktaAuthSdk: (version)

OktaOidc: (version)

OktaStorage: (version)

Environment:

Platform: iOS (Swift)

iOS Version: (e.g., iOS 18)

Device: (e.g., iPhone 16 Pro)

Okta Tenant: (e.g., ciam-test.solventum.com)

Additional Notes:

• We need to check user status BEFORE entering the app , not just after login.

• If there is an API to fetch password expiration, account lock, or user status , please advise.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Hi,

If you need check the user’s account status before allowing access to your application the only available way is to call the users endpoint with an API token from your backend - https://developer.okta.com/docs/api/openapi/okta-management/management/tag/User/#tag/User/operation/getUser

You can also use bearer token for this endpoint, but you would need to write custom logic for this. For example, after the user get the Access Tokens you can query this endpoint to check the user status and based on the response (user status) you can force the logout or password reset accordingly.