Primary Authentication with Activation Token

I’m in need of making my own custom Login Solution. I have come across an API call i think will be of use but need some clarification on how it works exactly.

https://developer.okta.com/docs/api/resources/authn#request-example-for-activation-token

curl -v -X POST \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "Authorization: SSWS ${api_token}" \
-H "User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.86 Safari/537.36" \
-H "X-Forwarded-For: 23.235.46.133" \
-d '{
  "token": "o7AFoTGE9xjQiHQK6dAa"
}' "https://dev-472892.oktapreview.com/api/v1/authn"

This section of the documentation mentions a activation token but also an api token and device token. In the example request there are only 2 tokens passed, one being api token, the other however is generically labeled “token”. I have not come across the phrase activation token anywhere else at all. So my question is: is there a such thing as an activation token? If there is where does it come from? If there is not, in the above example api request should the “token” there be the device token. Lastly If it should be the device token is there also a call to register that device token with that specific trusted application?

Any tips or assistance would be greatly appreciated.

The activation token is using something designed for activating the user. I have a hard time recommending something that wasn’t designed for a custom login solution.

Can you provide some more information about your Custom Login Solution and what you are building?

There might be a better solution.

Hi Tom,

Thanks for the speedy reply. What we are trying to do is enable Fingerprint
login in our existing ionic application. So basically I’m looking for an
api call that will allow me to authenticate a user without using their
username or password. We have a node js server that will live in between
the ionic app and okta so the idea was to authenticate the device with the
node server and from there use a stored token to authenticate the user.
Have you guys worked with other clients to implement fingerprint auth?

Thanks,
Don

Are you requiring the user to login once? And then gate access via a fingerprint from there on out?

What you can do is configure Okta’s authorization server to return a long-lived refresh token and an access token and protect them behind a fingerprint using Ionic’s libraries for doing so.

When you need to make an API call and your application does not have the tokens, force fingerprint and then you can work with the tokens as normal.

Make sense?

That is the approach I have choosen to go with, thanks. Was unsure the tokens would be what i needed but after playing with them in postman this morning they are exactly what i was looking for.

Thanks for the help.