Redirect model with biometrics?

Hello all!

I am trying to find the simplest way to integrate Okta (Identity engine) into a Vue web app & Vue + Capacitor mobile app.
The most tempting one was using the redirect model, and I was able to set that one up easily. However, I don’t see a way of adding biometric login this way for the mobile app. Am I missing something?

Thank you in advance

Hi! Oh, so many possibilities :wink:

We need a little more information about what you are trying to accomplish, and what you mean by “biometric log”. That could mean you want the application to get information about the physical inherence (fingerprint, facial recognition, etc.) for authentication, or it could just mean you want to ensure it was used.

A second issue is do you want to ensure the inherence takes place on the same device where authentication is taking place? Or are you looking for a multi-factor authentication solution where the user can be authenticating to a web application and use something like Okta Verify on their mobile device?

The third issue: is this for workforce identity (employees, contractors, or partners) where we can force specific authenticators like Okta Verify? Or customer identity where we have to leverage authenticators the customer chooses to use? Okta supports both, so we have to ask.

In any case you are on the right track with redirect, there are many reasons that embedding the authentication in the application (the only other choice) is a bad idea. Once the goal is clear it will be easier to explain.

First of all, thanks for the detailed response and sorry for being so vague.

To give more context on my use case, because maybe the original question was misleading.

We have this app (Vue web + Vue/Capacitor mobile app) use Okta through some backend endpoints for authentication. The Okta client was the backend itself, and it provided the frontends with tokens & refreshTokens.
In this setup, on the mobile app there was a bit of an ugly way of using biometrics for logging in: after the user entered their credentials, they were stored (encrypted) in the preference API. Next time, they were prompted to use biometric authentication and if the biometrics verification passed, we called the backend’s /login endpoint with the previously stored credentials.
Even though I see that this approach was wrong (we shouldn’t have stored the user’s credentials), it would be nice to provide a similar user experience even now that we are moving to communicating with Okta directly from the front-end. At this point, I’m not even sure that something similar would be possible, like being able to bypass the prompt for credentials with biometric authentication.

Ah, passwordless authentication. It is possible for your requirement in two different ways. First, built-in you can use Okta Verify or possibly a FIDO key with biometrics. Okta Verify works with FastPass and biometrics on the computer (Windows/Mac, no Linux yet). It doesn’t sound like you want to go with the second option, so if you are in a workforce environment you can make employees use OV. In a customer identity environment you could request they use OV. They must enroll the device with OV first for this to work. You can force that with an enrollment policy that does it on login, or they can do it from the Okta end-user dashboard. Then set up the authentication policy in front of the app like this:

The second option is more complicated, but maybe still in your wheelhouse. If you do not want to use OV, or you are trying to do this with customer identity, you can use the Okta Devices SDK to build your own authenticator to trigger biometrics on the device. Then your custom authenticator would show up in the rule, in the list of authenticators that fulfill the policy. Look here: okta/okta-devices-swift on GitHub, and here: okta/okta-devices-kotlin on GitHub.

