0D54z00009Vg50CCAR | Okta Classic Engine | Multi-Factor Authentication | Answered | 2024-09-04T09:00:25.000Z | 2023-07-26T11:28:14.000Z | 2023-07-28T16:07:00.000Z

4ay26 (4ay26) asked a question.

MFA verify Email/SMS factor api is not returning session token

Hi,

I am implementing MFA with email and SMS in the application.

For authentication, I first call the Send SMS/Email challenge API to send the OTP.

Using that OTP, I call the verify Email/SMS factor API. This flow is working fine and it is returning me the session id.

But if I call the Send SMS/Email challenge API and after that call the resend challenge API, I get a new OTP. But if I try the verify Email/SMS factor API with the new OTP, I do not get a session id in the response; instead I get the below response from Okta:

{
    "expiresAt": "2023-07-25T14:35:42.000Z",
    "status": "MFA_CHALLENGE",
    "factorResult": "SUCCESS",
    "challengeType": "FACTOR"
}

Can someone help me and let me know why I am not getting session token in response?


  • Hi @4ay26 (4ay26), Thank you for reaching out to the Okta Community!

    I might be misunderstanding your use case but I'm not sure that the SMS/Email MFA "resend" option is available via Authentication with API. I've tested and checked the docs https://developer.okta.com/docs/reference/api/factors/#links-object and I'm interpreting this as it might only be available for Enrollment.

    When I tried it, I don't see an option to resend, so I just triggered an email challenge again and it works...everything is fine..and I get the session token as well.

    If my answer helped, remember to mark it as best to increase its visibility for other members of the Okta Community who might have the same questions as you.

    Hope my answer helps!
  • 4ay26 (4ay26)

    Thank you @Mihai Negoita - Okta (Okta, Inc.) for investing your time to look into this issue.

    But Okta has an API to resend the challenges, which will send the OTP again.

    Resend Challenge API:

    curl --location --request POST '{{url}}/api/v1/authn/factors/{{factorId}}/verify/resend' \
    --header 'Accept: application/json' \
    --header 'Content-Type: application/json' \
    --data-raw '{
      "stateToken": ""
    }'

    By using the above API, I am getting a new OTP as well from Okta.

    Also, when I use that OTP in the verify challenge API, it does not throw any error like invalid OTP.

    It means the OTP is also valid; the only thing is that it is not returning me a session token.

    {
        "expiresAt": "2023-07-25T14:35:42.000Z",
        "status": "MFA_CHALLENGE",
        "factorResult": "SUCCESS",
        "challengeType": "FACTOR"
    }

    • Thank you for the clarification.

      I tried to repro this but I think I'm missing a step. I only got

      {
        "factorResult": "SUCCESS"
      }

      Not only am I missing a session token, but I'm also missing expiresAt, status and challengeType.

      I recommend opening a case to work with one of our Support Engineers that can set up a meeting with you to see exactly what's going on and get to the bottom of this.

This question is closed.
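
An added example, not part of the original thread and not Okta's code: a client-side check that treats a verify response as a completed sign-in only when the transaction status is SUCCESS and a session token is present, run over the response bodies quoted in the thread. The function names, the `"SUCCESS"` status sample with its placeholder token, and the clock value are constructed for illustration.

```python
from datetime import datetime, timezone

def parse_ts(value):
    """Parse timestamps in the form shown in the thread, e.g. 2023-07-25T14:35:42.000Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)

def evaluate_verify_response(resp, now):
    """Classify a factor-verify response body without trusting factorResult alone."""
    expires = resp.get("expiresAt")
    if expires and parse_ts(expires) <= now:
        return ("expired", None)
    token = resp.get("sessionToken")
    # Only a finished transaction that actually carries a token counts as signed in.
    if resp.get("status") == "SUCCESS" and isinstance(token, str) and token:
        return ("authenticated", token)
    if resp.get("factorResult") == "SUCCESS":
        # The OTP was accepted, but no session was issued: do not log the user in.
        return ("factor_ok_no_session", None)
    return ("not_authenticated", None)

# Response body quoted in the thread after resend + verify.
THREAD_RESPONSE = {
    "expiresAt": "2023-07-25T14:35:42.000Z",
    "status": "MFA_CHALLENGE",
    "factorResult": "SUCCESS",
    "challengeType": "FACTOR",
}
# Body reported in the last reply of the thread.
MODERATOR_RESPONSE = {"factorResult": "SUCCESS"}
# Constructed sample of a completed transaction; the token is a placeholder.
CONSTRUCTED_SUCCESS = {
    "expiresAt": "2023-07-25T14:35:42.000Z",
    "status": "SUCCESS",
    "sessionToken": "PLACEHOLDER-NOT-A-REAL-TOKEN",
}
NOW = datetime(2023, 7, 25, 14, 30, tzinfo=timezone.utc)  # constructed clock value

if __name__ == "__main__":
    for name, body in (("thread", THREAD_RESPONSE),
                       ("moderator", MODERATOR_RESPONSE),
                       ("constructed", CONSTRUCTED_SUCCESS)):
        print(name, evaluate_verify_response(body, NOW))
```
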
