Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add "deviceToken" parameter to authenticate() function - need it by 9/23/2019 #105

Open
efeluke opened this issue Sep 19, 2019 · 6 comments · May be fixed by #145 or #120
Open

Add "deviceToken" parameter to authenticate() function - need it by 9/23/2019 #105

efeluke opened this issue Sep 19, 2019 · 6 comments · May be fixed by #145 or #120
Assignees
Labels
enhancement New feature or request help wanted Extra attention is needed

Comments

@efeluke
Copy link

efeluke commented Sep 19, 2019

In order to make "rememberDevice" work, user needs to send deviceToken in /authn API. Currently, OktaAPI.primaryAuthentication() supports "deviceToken" parameter, however, public function OktaAuthSdk.authenticate() does not. Should add it to enable the feature.

We plan to release our first version of mobile app for supporting Okta in 3 weeks, it would be great to have the fix by 9/23. Thanks.

Sample code:

class OktaAuthSdk:

public class func authenticate(with url: URL,
username: String,
password: String?,
deviceToken: String? = nil,
onStatusChange: @escaping (_ newStatus: OktaAuthStatus) -> Void,
onError: @escaping (_ error: OktaError) -> Void) {

    let unauthenticatedStatus = OktaAuthStatusUnauthenticated(oktaDomain: url)
    unauthenticatedStatus.authenticate(username: username,
                                       password: password ?? "",
                                       deviceToken: deviceToken,
                                       onStatusChange:onStatusChange,
                                       onError:onError)
}

class OktaAuthStatusUnauthenticated:

open func authenticate(username: String,
password: String,
deviceToken: String?,
onStatusChange: @escaping (_ newStatus: OktaAuthStatus) -> Void,
onError: @escaping (_ error: OktaError) -> Void) {

    restApi.primaryAuthentication(username: username,
                                  password: password,
                                  deviceToken: deviceToken,
                                  deviceFingerprint: nil)
    { result in
        self.handleServerResponse(result,
                                  onStatusChanged: onStatusChange,
                                  onError: onError)
    }
}
@efeluke efeluke changed the title Add "deviceToken" parameter to authenticate() function Add "deviceToken" parameter to authenticate() function - need it by 9/23/2019 Sep 19, 2019
@IldarAbdullin-okta IldarAbdullin-okta self-assigned this Sep 19, 2019
@IldarAbdullin-okta IldarAbdullin-okta added the enhancement New feature or request label Sep 19, 2019
@IldarAbdullin-okta
Copy link
Contributor

Hi @efeluke ,

Thank you for creating this ticket. I will add required functionality early next week. I will keep you posted!

Ildar

@IldarAbdullin-okta
Copy link
Contributor

HI @efeluke,

According to the documentation:
Specifying your own deviceToken is a highly privileged operation limited to trusted web applications and requires making authentication requests with a valid API token. If an API token is not provided, the deviceToken will be ignored.
https://developer.okta.com/docs/reference/api/authn/#primary-authentication-with-trusted-application

Mobile application is untrusted application and can't use deviceToken. So it is by design that there is no public API for that

Ildar

@efeluke
Copy link
Author

efeluke commented Sep 20, 2019

Why is Mobile application considered untrusted? Why does Okta SDK for Android provide that functionality?

@IldarAbdullin-okta
Copy link
Contributor

Mobile applications are untrusted because they can't use admin API token due to security reasons
Regarding Android SDK, it is built on top of java SDK, and java SDK is mostly used for server applications, that is why deviceToken is available for Android. We have to fix that part in Android SDK

@eberttc
Copy link

eberttc commented Sep 30, 2020

Hi @IldarAbdullin-okta we`re using deviceToken from iOS/android sdks and they don't need API token. I found this issue okta/okta-developer-docs#782 about wrong docuemntation , could you confirm if we are in the correct way?

@IldarAbdullin-okta
Copy link
Contributor

Hi @eberttc ,

I'm going to re-open this ticket and bring this to the team for discussion. There could be a chance that server just ignores deviceToken if api token is not provided. I need some assistance from server folks

Ildar

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request help wanted Extra attention is needed
Projects
None yet
4 participants