-
Notifications
You must be signed in to change notification settings - Fork 267
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Can not login with app-level MFA using token.getWithoutPrompt #1454
Comments
Not a solution, but I worked around this by catching the error returned by This doesn't display a prompt for anyone who doesn't require MFA, but shows it when factor validation is required. |
Thanks for the report, we will look into this Internal Ref: OKTA-644786 |
Is there any update on this issue? I can't view the ticket: https://oktainc.atlassian.net/browse/OKTA-644786 |
I am also having the same issue: |
@lewisdoesstuff do you still have this solution in place?
|
Hey! Yeah, I'm still using this and it works well. I have my own sign-in form UI, which attempts to log in with the entered credentials. When MFA is required ( This only happens if an MFA confirmation is required. It's possible (i think) for it to error when MFA is required, but a prompt is not? In these cases, the user doesn't see anything (thanks to After this, the regular login flow continues. My implantations are all Vue SPAs, so this might differ for you |
I am looking at implementing the similar solution that @lewisdoesstuff did. I'm wanting to turn on MFA for a user group. I expect the same results from those calls that Lew has mentioned. Wanted to see if there's been any progress on changing the status from
Ideally, we'd like not to display a different UI screen to the user and host the MFA selection and code entering on our UI. So if we get an error from |
@pdubb29 This forum post should help explain the situation. Essentially what you're trying to achieve is not possible with the |
Describe the bug
I'm running into issues trying to add MFA support to my custom sign-in form.
This works fine without MFA, using PKCE and
signInWithCredentials
, then callingtoken.getWithoutPrompt
to fetch the tokens.However, once MFA is enabled on the app, this seems to behave differently to what the Authn API says.
Calling
signInWithCredentials
returns a transaction with a status ofSUCCESS
, instead of the expectedMFA_REQUIRED
.Then, as we're not able to detect that MFA is required, the regular (successful) login handler is used, and
token.getWithoutPrompt
throws an error:The client specified not to prompt, but the client app requires re-authentication or MFA.
This works fine if I call
signInWithRedirect
, as the MFA prompt is handled by the Okta-hosted page, but I'd like to handle this in-app, without redirecting to another page to complete the MFA challenge.Reproduction Steps?
Can't share a repo, unfortunately, but to reproduce:
pkce: true
authClient.signInWithCredentials(username, password)
to get the transactionstatus: 'SUCCESS'
, as expected.token.getWithoutPrompt
returnsThe client specified not to prompt, but the client app requires re-authentication or MFA.
SDK Versions
System:
OS: Windows 10
CPU: x64 11th Gen Intel(R) Core(TM) i9-11900H @ 2.50GHz
Memory: 13.33 GB / 31.67 GB
Binaries:
Node: 16.18.0 - ~\Applications\node-v16.18.0-win-x64\node.EXE
npm: 8.19.2 - ~\Applications\node-v16.18.0-win-x64\npm.CMD
Browsers:
Edge: 44.19041.1266.0
Internet Explorer: 11.0.19041.1566
It didn't return the
okta-auth-js
package version, but it's"@okta/okta-auth-js": "^7.3.0"
Additional Information?
No response
The text was updated successfully, but these errors were encountered: