n my Application, I have several points where the user legally signs a document. In the past, I had the user authenticate by entering their password to prove their identity. I am trying to move the app to use OKTA and OAuth to authenticate users when logging in. However, I am looking for a way to trigger the application to force the user to prove their identity again. Effectively signing at that point means that they are who they claim and are authorizing the signature. The only point where a web browser is used is when the user is initially authenticating and performing the front identity flow. Is there a way or backend API that allows an application to force OKTA Auth to verify the user’s identity and that they are authorizing the action being performed?
Or am I trying to do this the wrong way and need another direction? If so, do you have any suggestions on how to best accomplish this?