Using OAuth flow to trigger OKTA authentication to verify identity

In my application, I have several points where the user legally signs a document. In the past, I had the user authenticate by entering their password to prove their identity. I am trying to move the app to use OKTA and OAuth to authenticate users when logging in. However, I am looking for a way to trigger the application to force the user to prove their identity again. Effectively signing at that point means that they are who they claim and are authorizing the signature. The only point where a web browser is used is when the user is initially authenticating and performing the front identity flow. Is there a way or backend API that allows an application to force OKTA Auth to verify the user’s identity and that they are authorizing the action being performed?

Or am I trying to do this the wrong way and need another direction? If so, do you have any suggestions on how to best accomplish this?

Take a look at Step-Up Authentication and the behavior it mentions when max_age=0 to see if the options outlined there will be a fit for your use case.

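An added example (not part of the original reply or of Okta's documentation) of the `max_age=0` approach the reply points to: it builds an authorization request that asks for re-authentication, then checks the `nonce` and `auth_time` claims of the returned ID token before the signature is accepted. The endpoint host, client ID, redirect URI and function names are placeholders, and the claims are assumed to come from an ID token whose signature, issuer and audience an OIDC library has already verified.

```python
import secrets
import time
from urllib.parse import urlencode

# Placeholders (assumptions, not values from the thread).
AUTHORIZE_ENDPOINT = "https://example.okta.com/oauth2/default/v1/authorize"
CLIENT_ID = "CLIENT_ID_PLACEHOLDER"
REDIRECT_URI = "https://app.example.com/callback"


def build_reauth_request(max_age=0):
    """Return (url, state, nonce) for an authorization request that asks the
    authorization server to re-authenticate the user instead of reusing a session."""
    state = secrets.token_urlsafe(16)   # ties the callback to this request
    nonce = secrets.token_urlsafe(16)   # ties the ID token to this request
    params = {
        "client_id": CLIENT_ID,
        "response_type": "code",
        "scope": "openid",
        "redirect_uri": REDIRECT_URI,
        "state": state,
        "nonce": nonce,
        "max_age": str(max_age),        # 0 = no existing session is recent enough
    }
    return AUTHORIZE_ENDPOINT + "?" + urlencode(params), state, nonce


def is_fresh_authentication(claims, expected_nonce, requested_at, now=None, skew=60):
    """Decide whether verified ID token claims prove a new authentication.

    requested_at is the epoch time the signing step sent the request; skew is
    the tolerated clock difference in seconds."""
    now = time.time() if now is None else now
    if claims.get("nonce") != expected_nonce:
        return False                    # token was not issued for this request
    auth_time = claims.get("auth_time")
    if not isinstance(auth_time, (int, float)):
        return False                    # auth_time is required when max_age is sent
    # The user must have authenticated after the signing step started.
    return requested_at - skew <= auth_time <= now + skew
```

Record `requested_at` and the nonce server-side when the signing step starts, and accept the signature only if `is_fresh_authentication` returns `True` for the token that comes back.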
