
2abi0 (2abi0) asked a question.
Hello
We would like to have an iOS app with our own login experience (no redirect to the Okta login page) and with the use of MFA.
As far as we could understand, the regular flows of OpenID Connect will not allow us to do that (because of the use of MFA).
So we built an authentication flow based on the Okta API. We are able to authenticate, enroll/activate/verify MFA, get a one-time session token, and replace it with an access token using the /authorize API (response_type=token id_token).
The only problem we have is that we are not able to obtain a refresh token.
In short, the flow is:
Authenticate -> MFA verify -> exchange session token for access token.
How do we get a refresh token?
The flows on /authorize require us to do additional authentication without MFA, which we don't want.
The flows on /token require that you already have a refresh token.
Thanks

A refresh token is a special token that is used to generate additional access tokens. This allows you to have short-lived access tokens without having to collect credentials every single time one expires. You request this token alongside the access and/or ID tokens as part of a user's initial authentication flow. More info can be found in the following article:
https://developer.okta.com/authentication-guide/tokens/refreshing-tokens#how-to-get-a-refresh-token
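
An added example, not code from this thread or from Okta: the session-token exchange from the question, requested as authorization code with PKCE and the `offline_access` scope, since the implicit `response_type=token id_token` request never returns a refresh token. The org URL, client ID and redirect URI are hypothetical placeholders, and the app is assumed to have the authorization code and refresh token grants enabled.

```python
import base64, hashlib, secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Hypothetical placeholders, not values from the thread.
OKTA_ORG = "https://example.okta.com"
CLIENT_ID = "0oaEXAMPLECLIENTID"
REDIRECT_URI = "com.example.app:/callback"

def pkce_pair():
    """Return (code_verifier, code_challenge) per RFC 7636, method S256."""
    verifier = secrets.token_urlsafe(32)  # 43 URL-safe characters
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")
    return verifier, challenge

def authorize_url(session_token, challenge, state):
    """Step 1: trade the one-time session token for an authorization code."""
    params = {
        "client_id": CLIENT_ID,
        "response_type": "code",           # not "token id_token"
        "scope": "openid offline_access",  # offline_access asks for the refresh token
        "redirect_uri": REDIRECT_URI,
        "state": state,
        "code_challenge": challenge,
        "code_challenge_method": "S256",
        "sessionToken": session_token,     # from the MFA-verified authn transaction
    }
    # Org authorization server path; a custom server uses /oauth2/<id>/v1/...
    return f"{OKTA_ORG}/oauth2/v1/authorize?{urlencode(params)}"

def code_from_redirect(redirect_url, expected_state):
    """Pull the code out of the redirect, rejecting a mismatched state."""
    query = parse_qs(urlparse(redirect_url).query)
    if query.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: discard this response")
    return query["code"][0]

def token_request(code, verifier):
    """Step 2: form body for POST {OKTA_ORG}/oauth2/v1/token."""
    return {
        "grant_type": "authorization_code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "code": code,
        "code_verifier": verifier,  # proves this client started the flow
    }
```

The response to step 2 carries `refresh_token` next to the access and ID tokens; on iOS it belongs in the Keychain rather than in app preferences.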