Sign in Widget & sessions API returning different status


#1

I’m having the same issue as this https://support.okta.com/help/answers?id=9062A000000XZogQAG

The signin widget has a status of ‘ACTIVE’ while a backend API call to /api/v1/sessions/ says the status is ‘MFA_REQUIRED’

Here is the code:

The status is ‘ACTIVE’ here in the frontend: https://github.com/DavidWells/netlify-gated-sites/blob/master/okta/login-site-okta/src/App.js#L58

But when trying to verify server side it says the status is ‘MFA_REQUIRED’ here: https://github.com/DavidWells/netlify-gated-sites/blob/master/okta/login-site-okta/functions/verify-okta-session.js#L32

What’s going on here? How can I verify the session correctly?


#2

This definitely seems like interesting behavior. Mind shooting us an email to developers@okta.com?

I think this is going to require some troubleshooting.

Thanks,
Tom


#3

Hey @tom thanks for the reply. I just sent an email


#4

Hey @tom I never got a response back from developers@okta.com

How can we figure out this issue? It’s holding back a release of a demo I’m building

Thanks


#5

Hi @davidwells - sorry for the delay, I was on PTO.

I need some more information about your setup. How is MFA set up in your org?

The only thing that can come to mind here is that maybe the widget is using the fingerprinting functionality and your backchannel server call is not, and that would return MFA_REQUIRED.


#6

My app is set up in here: https://dev-652264-admin.oktapreview.com/admin/app/oidc_client/instance/0oafn99h3qdL5jY6P0h7/#tab-assignments

It is set up with SMS auth https://www.screencast.com/t/e03b0RRt https://www.screencast.com/t/hTphcokhQ9

https://dev-652264-admin.oktapreview.com/admin/access/multifactor

The site is here: https://okta-login-portal.netlify.com/. When trying to verify the token server side it says the status is ‘MFA_REQUIRED’ here: https://github.com/DavidWells/netlify-gated-sites/blob/master/okta/login-site-okta/functions/verify-okta-session.js#L32

Thanks for your help