This article explains why a custom authenticator does not appear in the User Interface (UI) or Sign-In Widget (SIW) when attempting to enroll a new authenticator.
- Custom Push authenticators
- Okta Devices Software Development Kit (SDK)
- Android (Kotlin)
- MyAccount App Authenticators Application Programming Interface (API)
- Sign-In Widget (SIW)
- Okta Identity Engine (OIE)
Custom Push authenticators are hidden in the SIW because the standard widget cannot access the internal push tokens of a mobile application. Enrollment requires a registration token from Firebase Cloud Messaging (FCM). Since the widget cannot capture these tokens or generate the necessary metadata, it cannot facilitate the enrollment of a custom application.
Custom Push authenticators must be enrolled programmatically within the specific mobile application using the SDK or the MyAccount App Authenticators API. To resolve the issue, perform the following:
- Capture the registration token from FCM within the mobile application code.

  ```kotlin
  val enrollments: List<PushEnrollment> = authenticator.allEnrollments().getOrThrow()
  // Find the enrollment associated with the current user
  enrollments.find { it.user().name == "myUser" }?.let { pushEnrollment ->
      pushEnrollment.updateRegistrationToken(AuthToken.Bearer("accessToken"), FcmToken("newToken"))
          .onSuccess { println("success") }
          .onFailure { println("failure") }
  }
  ```
- Trigger the enrollment flow from inside the mobile application and pass the captured token to Okta by using the `enroll()` method provided in the Okta Devices SDK for Kotlin.

  ```kotlin
  // orgUrl is the Okta org URL; "oidcClientId" is the OIDC client ID of the application
  val authConfig = DeviceAuthenticatorConfig(URL(orgUrl), "oidcClientId")
  // Enroll this device as a push authenticator, passing the FCM registration token
  val result = authenticator.enroll(
      AuthToken.Bearer("accessToken"),
      authConfig,
      EnrollmentParameters.Push(
          FcmToken("registrationToken"),
          enableUserVerification = false,
          enableCiba = false
      )
  )
  if (result.isSuccess) {
      val pushEnrollment: PushEnrollment = result.getOrThrow()
  }
  ```
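The snippets above assume the FCM registration token is already in hand. The following added example (not taken from the Okta documentation or SDK) shows one way to capture it with the Firebase Messaging client library so it can be passed to `FcmToken(...)`; `PushTokenHolder`, `AppMessagingService` and `fetchInitialFcmToken` are hypothetical names chosen for illustration.

```kotlin
import android.util.Log
import com.google.firebase.messaging.FirebaseMessaging
import com.google.firebase.messaging.FirebaseMessagingService

// Hypothetical in-memory holder (not part of Okta or Firebase).
// The app's enrollment code reads `current` before calling enroll(), and sets
// `onChanged` to call updateRegistrationToken() when FCM rotates the token.
object PushTokenHolder {
    @Volatile
    var current: String? = null
        private set

    @Volatile
    var onChanged: ((String) -> Unit)? = null

    fun publish(token: String) {
        // Ignore empty values and repeats so Okta is only updated on a real change.
        if (token.isBlank() || token == current) return
        current = token
        onChanged?.invoke(token)
    }
}

// Must be declared in AndroidManifest.xml with the
// com.google.firebase.MESSAGING_EVENT intent filter.
class AppMessagingService : FirebaseMessagingService() {
    // FCM calls this when a token is first generated and whenever it is rotated.
    override fun onNewToken(token: String) {
        // The token addresses push challenges to this device: do not log its value.
        PushTokenHolder.publish(token)
    }
}

// Call once at app start: onNewToken() does not fire again for a token
// that FCM generated before this code was installed.
fun fetchInitialFcmToken() {
    FirebaseMessaging.getInstance().token.addOnCompleteListener { task ->
        if (task.isSuccessful) {
            PushTokenHolder.publish(task.result)
        } else {
            // Without a token the enroll() call cannot proceed; surface the failure.
            Log.w("PushToken", "FCM token fetch failed", task.exception)
        }
    }
}
```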
