Hi,
I am trying to set up a registration flow using email MFA in our React Native application. I was hoping someone could help me with the proper steps and sequence of events that need to happen. I keep getting stuck at MFA_CHALLENGE, even though, from what I understand, in the steps below I am activating and verifying the email factor.
We are using the Okta API to interact with our instance, except for sign-in, for which we are using @okta/okta-auth-js.
What I'm currently doing:
- create user in okta
- enroll email factor MFA and send email with code using
```
// https://developer.okta.com/docs/reference/api/factors/#enroll-okta-email-factor
const { data } = await oktaInstance.post<OktaGetFactorResponse>(
  `/api/v1/users/${userId}/factors?tokenLifetimeSeconds=600`,
  {
    factorType: 'email',
    provider: 'OKTA',
    profile: {
      email: email,
    },
  },
);
// This returns a status of PENDING_ACTIVATION on the factor
```
- User receives email with code, enters in our form
- Activate the email factor with the received code
```
// https://developer.okta.com/docs/reference/api/factors/#activate-email-factor
const { data } = await oktaInstance.post<OktaGetFactorResponse>(
  `/api/v1/users/${userId}/factors/${factorId}/lifecycle/activate`,
  { passCode },
);
// returns status ACTIVE on the email factor
```
- Activate the user
```
// https://developer.okta.com/docs/reference/api/users/#activate-user
return oktaInstance.post<OktaApiActivateUserResponse>(
  `/api/v1/users/${userId}/lifecycle/activate?sendEmail=false`,
);
// returns an activationUrl and activationToken
```
- SignIn the user. From what I can see, the OKTA api does not provide an api endpoint for signIn, so we are using @okta/okta-auth-js in our react native applica
```
// this is using @okta/okta-auth-js
signIn = async (options: OktaSignInReq) => {
  const transaction = await getAuthClient().signInWithCredentials(options);
  return transaction as OktaSignInRes;
};
// this returns a status of MFA_REQUIRED
```
At this point, have I not already confirmed the email factor?
- After sign in, because the status is MFA_REQUIRED I do not get a session token back, so verify the login
```
// find the signIn email factor and verify
const emailFactor = signIn.factors?.find(item => {
  return item.factorType === 'email';
});
await emailFactor?.verify?.();
// returns status MFA_CHALLENGE
```
I don’t know how to proceed, or what steps I am missing. The status on the user is ACTIVE in our OKTA admin console.
I do not have sessionToken returned from the signIn step, so I cannot continue and do the authorization.
How do I complete the flow?
Thanks!
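
An added example, not part of the original post: activating the factor only enrolls it, and each sign-in still issues its own challenge, which in @okta/okta-auth-js completes when the emailed code is passed to the MFA_CHALLENGE transaction's `verify({ passCode })`. The names `nextStep`, `completeEmailMfa`, `askUser` and `fakeSignIn` are hypothetical, and `fakeSignIn` is a constructed stand-in for the transaction returned by `signInWithCredentials()` so the block runs offline.

```typescript
// Minimal shape of the authn transaction fields this flow touches.
interface Factor { factorType: string; verify(): Promise<Txn>; }
interface Txn {
  status: string;
  factors?: Factor[]; sessionToken?: string;
  verify?(opts: { passCode: string }): Promise<Txn>;
}
// Map the transaction status to the action the client still owes.
function nextStep(tx: Txn): 'SEND_CODE' | 'SUBMIT_CODE' | 'DONE' {
  switch (tx.status) {
    case 'MFA_REQUIRED': return 'SEND_CODE';    // pick a factor, trigger the email
    case 'MFA_CHALLENGE': return 'SUBMIT_CODE'; // code was sent, now submit it
    case 'SUCCESS': return 'DONE';              // sessionToken is available
    default: throw new Error(`Unhandled transaction status: ${tx.status}`);
  }
}
// Drive a sign-in transaction to SUCCESS and return its sessionToken.
// askUser is a hypothetical callback that prompts for the emailed code.
async function completeEmailMfa(tx: Txn, askUser: () => Promise<string>): Promise<string> {
  for (let i = 0; i < 5; i++) { // bounded, so an unexpected status loop cannot spin
    const step = nextStep(tx);
    if (step === 'DONE') {
      if (!tx.sessionToken) throw new Error('SUCCESS without sessionToken');
      return tx.sessionToken;
    }
    if (step === 'SEND_CODE') {
      const email = tx.factors?.find((f: Factor) => f.factorType === 'email');
      if (!email) throw new Error('No email factor offered');
      tx = await email.verify(); // sends the code, moves to MFA_CHALLENGE
    } else {
      const passCode = await askUser();
      if (!tx.verify) throw new Error('Transaction cannot be verified');
      tx = await tx.verify({ passCode }); // a wrong code rejects here
    }
  }
  throw new Error('MFA flow did not reach SUCCESS');
}
// Constructed stand-in for the transaction, so the block runs offline.
function fakeSignIn(validCode: string): Txn {
  const success: Txn = { status: 'SUCCESS', sessionToken: 'constructed-session-token' };
  const challenge: Txn = {
    status: 'MFA_CHALLENGE',
    verify: async ({ passCode }: { passCode: string }) => {
      if (passCode !== validCode) throw new Error('Invalid passcode');
      return success;
    },
  };
  return { status: 'MFA_REQUIRED', factors: [{ factorType: 'email', verify: async () => challenge }] };
}
```

In the app, pass the transaction returned by `signInWithCredentials()` as `tx` and resolve `askUser` from the code-entry form.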