Registration with email MFA Factor, how to complete MFA_CHALLENGE

Hi,

I am trying to set up a registration flow using email MFA in our React Native application. I was hoping someone could help me with the proper steps and sequence of events that need to happen. I keep getting stuck at MFA_CHALLENGE, even though, from what I understand, in the steps below I am activating and verifying the email factor.

We are using the OKTA API to interact with our instance, except for sign in, for which we are using @okta/okta-auth-js.

What I'm currently doing:

  1. Create user in Okta

  2. Enroll email factor MFA and send email with code using

```typescript
// https://developer.okta.com/docs/reference/api/factors/#enroll-okta-email-factor
const { data } = await oktaInstance.post<OktaGetFactorResponse>(
  `/api/v1/users/${userId}/factors?tokenLifetimeSeconds=600`,
  {
    factorType: 'email',
    provider: 'OKTA',
    profile: {
      email: email,
    },
  },
);

// This returns a status of PENDING_ACTIVATION on the factor
```

  3. User receives email with code, enters in our form

  4. Activate the email factor with the received code

```typescript
// https://developer.okta.com/docs/reference/api/factors/#activate-email-factor
const { data } = await oktaInstance.post<OktaGetFactorResponse>(
  `/api/v1/users/${userId}/factors/${factorId}/lifecycle/activate`,
  { passCode },
);

// returns status ACTIVE on the email factor
```

  5. Activate the user

```typescript
// https://developer.okta.com/docs/reference/api/users/#activate-user
return oktaInstance.post<OktaApiActivateUserResponse>(
  `/api/v1/users/${userId}/lifecycle/activate?sendEmail=false`,
);

// returns an activationUrl and activationToken
```

  6. SignIn the user. From what I can see, the OKTA API does not provide an API endpoint for signIn, so we are using @okta/okta-auth-js in our react native applica

```typescript
// this is using @okta/okta-auth-js
signIn = async (options: OktaSignInReq) => {
  const transaction = await getAuthClient().signInWithCredentials(options);
  return transaction as OktaSignInRes;
};
// this returns a status of MFA_REQUIRED
```

At this point, have I not already confirmed the email factor?

  7. After sign in, because the status is MFA_REQUIRED I do not get a session token back, so verify the login

```typescript
// find the signIn email factor and verify
const emailFactor = signIn.factors?.find(item => {
  return item.factorType === 'email';
});

await emailFactor?.verify?.();
// returns status MFA_CHALLENGE
```

I don’t know how to proceed, or what steps I am missing. The status on the user is ACTIVE in our OKTA admin console.

I do not have sessionToken returned from the signIn step, so I cannot continue and do the authorization.

How do I complete the flow?

Thanks!
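
Added example, not part of the original post and not Okta's code: in the classic authn flow of @okta/okta-auth-js, the factor-level `verify()` called in `MFA_REQUIRED` only sends a fresh sign-in code (separate from the enrollment code), and `MFA_CHALLENGE` is completed by calling `verify({ passCode })` on the returned transaction, which yields `SUCCESS` with the `sessionToken`. The interfaces, `completeEmailMfa`, `promptForCode` and `maxAttempts` are assumptions made for this sketch, as is the behaviour that a rejected code throws and leaves the challenge open.

```typescript
// Added example. These interfaces model only the parts of an okta-auth-js
// authn transaction this flow touches; they are local assumptions, not SDK types.
interface AuthnFactor {
  factorType: string;
  verify(): Promise<AuthnTransaction>; // for email: sends a fresh sign-in code
}
interface AuthnTransaction {
  status: string;
  sessionToken?: string;
  factors?: AuthnFactor[];
  verify?(options: { passCode: string }): Promise<AuthnTransaction>;
}

// promptForCode is a hypothetical app callback resolving with the code the user types.
async function completeEmailMfa(
  tx: AuthnTransaction,
  promptForCode: () => Promise<string>,
  maxAttempts = 3,
): Promise<string> {
  if (tx.status === 'MFA_REQUIRED') {
    const email = tx.factors?.find((f) => f.factorType === 'email');
    if (!email) throw new Error('no email factor offered for this sign-in');
    tx = await email.verify(); // expected to move the transaction to MFA_CHALLENGE
  }
  for (let attempt = 0; tx.status === 'MFA_CHALLENGE'; attempt++) {
    if (attempt >= maxAttempts || !tx.verify) {
      throw new Error('email challenge not completed');
    }
    try {
      // Transaction-level verify carries the code from the sign-in email.
      tx = await tx.verify({ passCode: await promptForCode() });
    } catch (err) {
      // Assumed: a rejected code leaves the challenge open; re-prompt, bounded.
      if (attempt + 1 >= maxAttempts) throw err;
    }
  }
  if (tx.status !== 'SUCCESS' || !tx.sessionToken) {
    throw new Error(`unexpected authn status: ${tx.status}`);
  }
  return tx.sessionToken; // hand this to the authorize / token step
}
```

The attempt bound keeps the client from re-submitting codes indefinitely against a single challenge.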
