Trusted Application Authentication - Device Token?

Where is the device token generated for the Trusted Application Authentication Workflow? The example curl command has the line below; where do I get the device token?

"context": {
    "deviceToken": "26q43Ak9Eh04p7H6Nnx0m69JqYOrfVBY"

When making an /authn request with a Trusted Application, you will be the one setting the deviceToken, which is defined as “A globally unique ID (without hyphens) identifying the user’s client device or user agent”.

More details about this and best practices for generating a deviceToken can be found in our docs:

Device Token best practices
Use the following recommendations as guidelines for generating and storing a deviceToken for both web and local applications.

Web apps
Okta recommends that you generate a UUID or GUID for each client and persist the deviceToken using a secure, HTTP-only cookie, or HTML5 localStorage scoped to the customer’s domain as the default implementation. See Cookie flags that matter for more best practices on hardening HTTP cookies.

Local apps
Ask the device operating system for a unique device ID. See Apple’s information on DeviceCheck for an example.

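The web-app recommendation quoted in the answer above, as an added example that is not part of the original posts or of Okta's own code: the server reuses a well-formed token from the request's Cookie header, or otherwise mints a UUID without hyphens and returns a Secure, HttpOnly Set-Cookie value for it. The cookie name, lifetime, SameSite setting and function names are assumptions made for this sketch.

```python
import re
import uuid
from http.cookies import CookieError, SimpleCookie

COOKIE_NAME = "device_token"               # assumed name, not from the Okta docs
TOKEN_RE = re.compile(r"[0-9a-f]{32}")     # shape of the uuid4().hex issued below
ONE_YEAR = 365 * 24 * 3600                 # assumed lifetime for the cookie


def get_or_create_device_token(cookie_header):
    """Return (token, set_cookie_value). set_cookie_value is None when the
    browser already presented a well-formed token."""
    jar = SimpleCookie()
    try:
        jar.load(cookie_header or "")
    except CookieError:
        jar = SimpleCookie()               # malformed header: treat as no cookie
    morsel = jar.get(COOKIE_NAME)
    if morsel is not None and TOKEN_RE.fullmatch(morsel.value):
        return morsel.value, None

    # Missing or malformed: mint a new UUID without hyphens and persist it.
    token = uuid.uuid4().hex
    out = SimpleCookie()
    out[COOKIE_NAME] = token
    out[COOKIE_NAME]["secure"] = True      # sent over HTTPS only
    out[COOKIE_NAME]["httponly"] = True    # not readable from page script
    out[COOKIE_NAME]["samesite"] = "Lax"
    out[COOKIE_NAME]["path"] = "/"
    out[COOKIE_NAME]["max-age"] = ONE_YEAR
    return token, out[COOKIE_NAME].OutputString()


def build_authn_context(device_token):
    """Build the "context" object shown in the question's curl example."""
    if not TOKEN_RE.fullmatch(device_token):
        raise ValueError("deviceToken must be 32 hex characters, no hyphens")
    return {"context": {"deviceToken": device_token}}
```

The returned dictionary is meant to be merged into the rest of the /authn request body; the second return value of `get_or_create_device_token` goes into the response's `Set-Cookie` header when it is not `None`.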
