Okta-auth-js - Get accessToken after getting sessionToken via MFA

Hello! My team and I are currently in the process of trying to implement MFA on our React Native app. We were told that the current okta-react-native SDK doesn’t support MFA, so we were advised (from Okta) to use the okta-auth-js library to accomplish what we need to. We were given a code snippet of how to get tokens after successfully validating an MFA factor. Here is the code snippet -

    var transaction = await getAuthClient().signInWithCredentials({ username, password });
    const { status, sessionToken } = transaction;
    console.log('status: ' + status + ', sessionToken: ' + sessionToken);
    if (status === 'MFA_REQUIRED') {
      console.log(transaction.factors);
      //check for question
      var questionFactor = transaction.factors.find(function(factor) {
        return factor.provider === 'OKTA' && factor.factorType === 'question';
      });
      if (questionFactor) {
        console.log(questionFactor);
        var verifyResult = await questionFactor.verify({answer: 'none'});
        console.log('factor verify result: ' + verifyResult.status + ' ' + verifyResult.sessionToken);
        var tokens = await authenticate({ sessionToken: verifyResult.sessionToken });
        console.log('tokens: ' + tokens);
        this.setState({
          progress: false,
          username: '',
          password: '',
          error: ''
        }, () => navigation.navigate('Profile'));
      }
    } else if (status === 'SUCCESS') {
      console.log('try to get tokens');
      var tokens = await authenticate({ sessionToken });
      console.log(tokens);
      this.setState({
        progress: false,
        username: '',
        password: '',
        error: ''
      }, () => navigation.navigate('Profile'));
    }

The only problem is there is no function called “authenticate” unless it’s referring to the object within the idx object of a given authClient (i.e. OktaAuth instance). I try to pass a session token right to this authenticate method, but it’s not working. I’d love to get some insight of what to do, what I am calling, etc… I am getting a sessionToken, but my main goal is to get an accessToken with that sessionToken. Let me know if I need to clarify anything.

Thanks!

Hello,

The specific function to use is token.getWithoutPrompt and passing the session token. This function would be within the authClient object. There is an example of this function that includes how to pass the sessionToken and the responseType object to this function at the following link

If the Implicit flow is being used, the responseType will be token.


Hi Poul-okta!
Thank you for your response. This is helping me get a little farther in the process. We do have PKCE turned on (The client authentication is set to “None” for our application) and I am getting an error message when calling this “getWithoutPrompt” function.

When I JSON.stringify the error I get this → ERROR! {"name":"AuthSdkError","errorCode":"INTERNAL","errorSummary":"PKCE requires a modern browser with encryption support running in a secure context.\nThe current page is not being served with HTTPS protocol. PKCE requires secure HTTPS protocol.\n"TextEncoder" is not defined. To use PKCE, you may need to include a polyfill/shim for this browser.","errorLink":"INTERNAL","errorId":"INTERNAL","errorCauses":}

Do you have an example of how I can use the PKCE in this workflow? We’d prefer not to have to go through a web browser if we can avoid it since our application is a React Native project and we have our own customized login-branded screen. What do you suggest?

Absolutely, you’re very welcome.

This error can happen if the application’s redirect URI is using an http:// protocol as it requires https. When the authentication flow is being made, is it using a redirect_uri with the https:// prefix?

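The flow discussed in this thread, as an added example that is not code from the thread or from Okta: verify the MFA factor, then exchange the one-time sessionToken through token.getWithoutPrompt, with a preflight that approximates the three PKCE conditions named in the AuthSdkError above. It assumes `authClient` is a configured OktaAuth instance in a runtime where `token.getWithoutPrompt` is supported; `missingPkcePrerequisites` and `signInWithMfa` are hypothetical helper names.

```javascript
// Added example. Helper names are hypothetical; authClient is assumed to be
// an OktaAuth instance from okta-auth-js.

// Report which PKCE prerequisites from the error message are absent in `env`.
function missingPkcePrerequisites(env = globalThis) {
  const missing = [];
  if (typeof env.TextEncoder === 'undefined') missing.push('TextEncoder');
  if (!env.crypto || !env.crypto.subtle) missing.push('crypto.subtle');
  // Only flag when the runtime explicitly reports an insecure context.
  if (env.isSecureContext === false) missing.push('secure context (HTTPS)');
  return missing;
}

// Sign in, answer the security-question factor if MFA is required, then
// trade the sessionToken for tokens. The sessionToken is a short-lived
// bearer credential, so it is passed along but never logged.
async function signInWithMfa(authClient, { username, password, answer }) {
  let transaction = await authClient.signInWithCredentials({ username, password });

  if (transaction.status === 'MFA_REQUIRED') {
    const factor = transaction.factors.find(
      (f) => f.provider === 'OKTA' && f.factorType === 'question'
    );
    if (!factor) throw new Error('No supported MFA factor is enrolled');
    transaction = await factor.verify({ answer });
  }

  if (transaction.status !== 'SUCCESS') {
    throw new Error('Unexpected transaction status: ' + transaction.status);
  }

  // Per the reply above: responseType is "token" for the Implicit flow.
  const { tokens } = await authClient.token.getWithoutPrompt({
    responseType: ['token', 'id_token'],
    sessionToken: transaction.sessionToken,
  });
  authClient.tokenManager.setTokens(tokens);
  return tokens;
}
```

Running `missingPkcePrerequisites()` once at startup shows whether a polyfill is needed before any sign-in call is attempted.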
