[okta-auth-js] How to check for failure on idx.authenticate w/ incorrect user/pw

mmd · June 2, 2023, 8:26pm

I’m using the okta-auth-js sdk and making a call to idx.authenticate with an incorrect username and password. I want to know what attribute on the response object am I supposed to use to check if the call failed? I don’t want to read an attribute like the messages for example in case those change in the future.

Is checking if (!res.requestDidSucceed) reliable?
Also, why does the failed transaction return a status of ‘PENDING’ instead of ‘FAILURE’ and why does it not return the status code of 401 which it received from the /challenge call which I can see in the network tab.

erik · June 4, 2023, 4:39am

Hello,

I am posting a sample response for a incorrect user/password attempt.
Messages is where you would want to look. Instead of relying on the message you can go off of the key and class to know it was an error.
Okta is not going to return what the issue was, wrong user/pass as this would be a security issue.
The transaction will still be pending with the next step to enter password again which is what you would want if the user mistyped their password.

{
    "version": "1.0.0",
    "stateHandle": "02.id.H4IKrfk5yOVStdWl0yORSNH81ZkIAPGtseTMW3Uc~drd",
    "expiresAt": "2023-06-04T06:28:41.000Z",
    "intent": "LOGIN",
    "remediation": {
        "type": "array",
        "value": [
            {
                "rel": [
                    "create-form"
                ],
                "name": "challenge-authenticator",
                "relatesTo": [
                    "$.currentAuthenticatorEnrollment"
                ],
                "href": "https://domain.okta.com/idp/idx/challenge/answer",
                "method": "POST",
                "produces": "application/ion+json; okta-version=1.0.0",
                "value": [
                    {
                        "name": "credentials",
                        "type": "object",
                        "form": {
                            "value": [
                                {
                                    "name": "passcode",
                                    "label": "Password",
                                    "secret": true
                                }
                            ]
                        },
                        "required": true
                    },
                    {
                        "name": "stateHandle",
                        "required": true,
                        "value": "02.id.H4IKrfk5yOVStdWl0yORSNH81ZkIAPGtseTMW3Uc~drd",
                        "visible": false,
                        "mutable": false
                    }
                ],
                "accepts": "application/json; okta-version=1.0.0"
            },
            {
                "rel": [
                    "create-form"
                ],
                "name": "select-authenticator-authenticate",
                "href": "https://domain.okta.com/idp/idx/challenge",
                "method": "POST",
                "produces": "application/ion+json; okta-version=1.0.0",
                "value": [
                    {
                        "name": "authenticator",
                        "type": "object",
                        "options": [
                            {
                                "label": "Password",
                                "value": {
                                    "form": {
                                        "value": [
                                            {
                                                "name": "id",
                                                "required": true,
                                                "value": "aut5221bc12GLFocI697",
                                                "mutable": false
                                            },
                                            {
                                                "name": "methodType",
                                                "required": false,
                                                "value": "password",
                                                "mutable": false
                                            }
                                        ]
                                    }
                                },
                                "relatesTo": "$.authenticatorEnrollments.value[0]"
                            }
                        ]
                    },
                    {
                        "name": "stateHandle",
                        "required": true,
                        "value": "02.id.H4IKrfk5yOVStdWl0yORSNH81ZkIAPGtseTMW3Uc~drd",
                        "visible": false,
                        "mutable": false
                    }
                ],
                "accepts": "application/json; okta-version=1.0.0"
            }
        ]
    },
    "messages": {
        "type": "array",
        "value": [
            {
                "message": "Authentication failed",
                "i18n": {
                    "key": "errors.E0000004"
                },
                "class": "ERROR"
            }
        ]
    },
    "currentAuthenticatorEnrollment": {
        "type": "object",
        "value": {
            "recover": {
                "rel": [
                    "create-form"
                ],
                "name": "recover",
                "href": "https://domain.okta.com/idp/idx/recover",
                "method": "POST",
                "produces": "application/ion+json; okta-version=1.0.0",
                "value": [
                    {
                        "name": "stateHandle",
                        "required": true,
                        "value": "02.id.H4IKrfk5yOVStdWl0yORSNH81ZkIAPGtseTMW3Uc~drd",
                        "visible": false,
                        "mutable": false
                    }
                ],
                "accepts": "application/json; okta-version=1.0.0"
            },
            "type": "password",
            "key": "okta_password",
            "displayName": "Password",
            "methods": [
                {
                    "type": "password"
                }
            ]
        }
    },
    "authenticators": {
        "type": "array",
        "value": [
            {
                "type": "password",
                "key": "okta_password",
                "id": "aut5221bc12GLFocI697",
                "displayName": "Password",
                "methods": [
                    {
                        "type": "password"
                    }
                ],
                "allowedFor": "sso"
            }
        ]
    },
    "authenticatorEnrollments": {
        "type": "array",
        "value": [
            {
                "type": "password",
                "key": "okta_password",
                "displayName": "Password",
                "methods": [
                    {
                        "type": "password"
                    }
                ]
            }
        ]
    },
    "cancel": {
        "rel": [
            "create-form"
        ],
        "name": "cancel",
        "href": "https://domain.okta.com/idp/idx/cancel",
        "method": "POST",
        "produces": "application/ion+json; okta-version=1.0.0",
        "value": [
            {
                "name": "stateHandle",
                "required": true,
                "value": "02.id.H4IKrfk5yOVStdWl0yORSNH81ZkIAPGtseTMW3Uc~drd",
                "visible": false,
                "mutable": false
            }
        ],
        "accepts": "application/json; okta-version=1.0.0"
    },
    "app": {
        "type": "object",
        "value": {
            "name": "oidc_client",
            "label": "My SPA",
            "id": "0oa578b9h4I3v9HkC697"
        }
    },
    "authentication": {
        "type": "object",
        "value": {
            "protocol": "OAUTH2.0",
            "issuer": {
                "id": "aus52063jmJR6WCuX697",
                "name": "default",
                "uri": "https://domain.okta.com/oauth2/default"
            },
            "request": {
                "max_age": -1,
                "scope": "openid profile email offline_access",
                "response_type": "code",
                "redirect_uri": "http://localhost:8080/oidc-appredirect-A.html",
                "state": "c08fOLpTGFxrnNudROa4xSN49g9P7tpRVEL86LxF68REBbgpeqcLfXlzfXzv6pwe",
                "code_challenge_method": "S256",
                "nonce": "ILpPQ9GLaM849ruYTQpuKy1iSOOgklSwoj9QhEKUsCdQYUk2JKBhBtGhEMnsjJEt",
                "code_challenge": "kk0BHI6W8zZqL_TtZxeyW9GKMdXzn5kxH_8T6HhmEyc",
                "response_mode": "query"
            }
        }
    }
}

system · June 7, 2023, 12:59am

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.

Post		Replies	Views
Show lock out failure for user authenticating with incorrect credentials OAuth/OIDC api	2	2106	February 15, 2024
[okta-auth-js]: okta.idx.recoverPassword mostly completes but triggers Push Notification API authjs , idx	1	69	September 25, 2024
Okta oneID does not authenticate OAuth/OIDC	4	2573	October 10, 2022
Lock out status is not obtained in the authenticate API response Questions	2	1631	September 7, 2023
Logout misbehaviour Questions	7	2936	February 7, 2024

[okta-auth-js] How to check for failure on idx.authenticate w/ incorrect user/pw

Related topics