First, thank you for updating the library to support headers for proxy clients! I think the implementation is close to complete, but I did notice a minor annoyance. Details follow:
Reproduction Steps
OBSERVED:
1. Construct a RequestContext with three headers:
   - Header.xForwardedFor(xForwardedFor)
   - Header.xDeviceFingerprint(deviceFingerprint)
   - Header.userAgent(userAgent)
2. Use authenticate() on the DefaultAuthenticationClient with the RequestContext from step 1.
3. Observe in Okta Dev Console that User-Agent and IP Address show correctly in the Login Context.
4. Log out / log in multiple times.
5. Notice that MFA is required on each login attempt even though deviceFingerprint is used as a Header in the Request context.

EXPECTED: The user should only have to MFA on the first login attempt and, once they have correctly passed MFA, should not see MFA on each and every login.
Alternate Solution
Instead of passing a Header.xDeviceFingerprint(deviceFingerprint) to authenticate() as a RequestContext parameter, pass deviceFingerprint as part of the AuthenticationRequest parameter. Observe that MFA is correctly skipped in subsequent logins.
I dug into this a bit. The device fingerprint isn't used when remembering the device for MFA purposes; it is used to notify a user that a new device has been used to log in to your Org.