
bb59t (bb59t) asked a question.
Hi team,
I would like to know when a stolen token is used by a threat actor (for say) or in general an authenticated user with valid token authenticates to Okta - what would be the credential type in such case where session token is used to authenticate.
which one would be from below types - or there are other types missing from documentation
credentialTypeOTP, SMS, PASSWORD, ASSERTION, IWA, EMAIL, OAUTH2, JWT, CERTIFICATE, PRE_SHARED_SYMMETRIC_KEY, OKTA_CLIENT_SESSION, DEVICE_UDID

Hello @bb59t (bb59t) Thank you for reacting out to our Community!
It depends on what the threat actor will use if it's a toke from your app like OIDC or OAuth it should be OAUTH2 or JWT. If it's a session then it should be OKTA_CLIENT_SESSION.
All credential type that can be user are found here:
https://developer.okta.com/docs/reference/api/system-log/#authenticationcontext-object
Community members help others by clicking Like or Select as Best on responses. Try it today.
What you missed: new product releases and other announcements