OIE idx phone authenticator enrollment causes error on web's use of okta signin widget

I have an interesting issue I encountered. Using OIE and the interaction code grant flow (okta-idx-swift package), I enroll a user in mobile with the phone factor, selecting SMS. ONce this fulfills enrollment, I go to our sign in app that uses okta-signin-widget. When I provide the username/password the next step asks me to complete SMS authenticator. After completing though, its asking that I enroll the phone authenticator still (based on our policy):

image650×629 30.4 KB

I’m guess this is a backwards compatibility issue between OIE and this older version of the widget, where in classic the phone - sms and phone - voice were separate authenticators.

Is there anything we can do to keep it in sync as a work around - additional mfa request to set the phone - voice/sms given the selection of the user in mobile?

version of okta-idx-swift: latest version

versions used for okta in js:
“@okta/okta-auth-js”: “4.8.0”,
“@okta/okta-react”: “5.0.0”,
“@okta/okta-signin-widget”: “5.7.1”

After further investigation, I turned off the authenticator enrollment/global session policies I created for my mobile app to test. After that it worked fine, defaulting to what our sign in widget is using. I’m guessing due to the different enrollment policy the authenticator ids didn’t align so it wanted me to still enroll.

Not sure if newer versions of the sign in widget handle this differently, if so great.

But can mark as resolved, just wanted to note that I found the discrepancy.

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.