[okta-auth-js] How to check for failure on idx.authenticate w/ incorrect user/pw

I’m using the okta-auth-js SDK and making a call to idx.authenticate with an incorrect username and password. Which attribute on the response object am I supposed to use to check whether the call failed? I don’t want to rely on an attribute such as the messages, for example, in case those change in the future.

Is checking if (!res.requestDidSucceed) reliable?
Also, why does the failed transaction return a status of ‘PENDING’ instead of ‘FAILURE’, and why does it not return the 401 status code that it received from the /challenge call, which I can see in the network tab?

Hello,

I am posting a sample response for an incorrect user/password attempt.
The messages array is where you would want to look. Instead of relying on the human-readable message text, you can go off of the i18n key (errors.E0000004 in the sample below) and the class (ERROR) to know it was an error.
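Okta is not going to return what the issue was (wrong username versus wrong password), as this would be a security issue: a response that distinguished the two cases would reveal which usernames exist.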
The transaction will still be pending, with the next step being to enter the password again, which is what you would want if the user mistyped their password.

{
    "version": "1.0.0",
    "stateHandle": "02.id.H4IKrfk5yOVStdWl0yORSNH81ZkIAPGtseTMW3Uc~drd",
    "expiresAt": "2023-06-04T06:28:41.000Z",
    "intent": "LOGIN",
    "remediation": {
        "type": "array",
        "value": [
            {
                "rel": [
                    "create-form"
                ],
                "name": "challenge-authenticator",
                "relatesTo": [
                    "$.currentAuthenticatorEnrollment"
                ],
                "href": "https://domain.okta.com/idp/idx/challenge/answer",
                "method": "POST",
                "produces": "application/ion+json; okta-version=1.0.0",
                "value": [
                    {
                        "name": "credentials",
                        "type": "object",
                        "form": {
                            "value": [
                                {
                                    "name": "passcode",
                                    "label": "Password",
                                    "secret": true
                                }
                            ]
                        },
                        "required": true
                    },
                    {
                        "name": "stateHandle",
                        "required": true,
                        "value": "02.id.H4IKrfk5yOVStdWl0yORSNH81ZkIAPGtseTMW3Uc~drd",
                        "visible": false,
                        "mutable": false
                    }
                ],
                "accepts": "application/json; okta-version=1.0.0"
            },
            {
                "rel": [
                    "create-form"
                ],
                "name": "select-authenticator-authenticate",
                "href": "https://domain.okta.com/idp/idx/challenge",
                "method": "POST",
                "produces": "application/ion+json; okta-version=1.0.0",
                "value": [
                    {
                        "name": "authenticator",
                        "type": "object",
                        "options": [
                            {
                                "label": "Password",
                                "value": {
                                    "form": {
                                        "value": [
                                            {
                                                "name": "id",
                                                "required": true,
                                                "value": "aut5221bc12GLFocI697",
                                                "mutable": false
                                            },
                                            {
                                                "name": "methodType",
                                                "required": false,
                                                "value": "password",
                                                "mutable": false
                                            }
                                        ]
                                    }
                                },
                                "relatesTo": "$.authenticatorEnrollments.value[0]"
                            }
                        ]
                    },
                    {
                        "name": "stateHandle",
                        "required": true,
                        "value": "02.id.H4IKrfk5yOVStdWl0yORSNH81ZkIAPGtseTMW3Uc~drd",
                        "visible": false,
                        "mutable": false
                    }
                ],
                "accepts": "application/json; okta-version=1.0.0"
            }
        ]
    },
    "messages": {
        "type": "array",
        "value": [
            {
                "message": "Authentication failed",
                "i18n": {
                    "key": "errors.E0000004"
                },
                "class": "ERROR"
            }
        ]
    },
    "currentAuthenticatorEnrollment": {
        "type": "object",
        "value": {
            "recover": {
                "rel": [
                    "create-form"
                ],
                "name": "recover",
                "href": "https://domain.okta.com/idp/idx/recover",
                "method": "POST",
                "produces": "application/ion+json; okta-version=1.0.0",
                "value": [
                    {
                        "name": "stateHandle",
                        "required": true,
                        "value": "02.id.H4IKrfk5yOVStdWl0yORSNH81ZkIAPGtseTMW3Uc~drd",
                        "visible": false,
                        "mutable": false
                    }
                ],
                "accepts": "application/json; okta-version=1.0.0"
            },
            "type": "password",
            "key": "okta_password",
            "displayName": "Password",
            "methods": [
                {
                    "type": "password"
                }
            ]
        }
    },
    "authenticators": {
        "type": "array",
        "value": [
            {
                "type": "password",
                "key": "okta_password",
                "id": "aut5221bc12GLFocI697",
                "displayName": "Password",
                "methods": [
                    {
                        "type": "password"
                    }
                ],
                "allowedFor": "sso"
            }
        ]
    },
    "authenticatorEnrollments": {
        "type": "array",
        "value": [
            {
                "type": "password",
                "key": "okta_password",
                "displayName": "Password",
                "methods": [
                    {
                        "type": "password"
                    }
                ]
            }
        ]
    },
    "cancel": {
        "rel": [
            "create-form"
        ],
        "name": "cancel",
        "href": "https://domain.okta.com/idp/idx/cancel",
        "method": "POST",
        "produces": "application/ion+json; okta-version=1.0.0",
        "value": [
            {
                "name": "stateHandle",
                "required": true,
                "value": "02.id.H4IKrfk5yOVStdWl0yORSNH81ZkIAPGtseTMW3Uc~drd",
                "visible": false,
                "mutable": false
            }
        ],
        "accepts": "application/json; okta-version=1.0.0"
    },
    "app": {
        "type": "object",
        "value": {
            "name": "oidc_client",
            "label": "My SPA",
            "id": "0oa578b9h4I3v9HkC697"
        }
    },
    "authentication": {
        "type": "object",
        "value": {
            "protocol": "OAUTH2.0",
            "issuer": {
                "id": "aus52063jmJR6WCuX697",
                "name": "default",
                "uri": "https://domain.okta.com/oauth2/default"
            },
            "request": {
                "max_age": -1,
                "scope": "openid profile email offline_access",
                "response_type": "code",
                "redirect_uri": "http://localhost:8080/oidc-appredirect-A.html",
                "state": "c08fOLpTGFxrnNudROa4xSN49g9P7tpRVEL86LxF68REBbgpeqcLfXlzfXzv6pwe",
                "code_challenge_method": "S256",
                "nonce": "ILpPQ9GLaM849ruYTQpuKy1iSOOgklSwoj9QhEKUsCdQYUk2JKBhBtGhEMnsjJEt",
                "code_challenge": "kk0BHI6W8zZqL_TtZxeyW9GKMdXzn5kxH_8T6HhmEyc",
                "response_mode": "query"
            }
        }
    }
}
