I’m using the /authn API to authenticate a user with the deviceToken as part of the context body as follow:
{
“username”: “john.doe”,
“password”: “@Notmypassword”,
“options”: {
“multiOptionalFactorEnroll”: false,
“warnBeforePasswordExpired”: false
},
“context”: {
“deviceToken”: “003AbXnlct0tVBzTY7MadwVrW3”
}
}
I’m able to get a sessionToken after going through MFA_REQUIRED, but I get challenged at every subsequent logins because my new device policy is being triggered. It seems like the New Device behavior policy does not understand the deviceToken. I keep seeing that my request is coming as a new device. Has anyone has seen this issue with OIE?