Add "deviceToken" parameter to authenticate() function - need it by 9/23/2019

[efeluke]

In order to make "rememberDevice" work, user needs to send deviceToken in /authn API. Currently, OktaAPI.primaryAuthentication() supports "deviceToken" parameter, however, public function OktaAuthSdk.authenticate() does not. Should add it to enable the feature.

We plan to release our first version of mobile app for supporting Okta in 3 weeks, it would be great to have the fix by 9/23. Thanks.

Sample code:

class OktaAuthSdk:

public class func authenticate(with url: URL,
username: String,
password: String?,
deviceToken: String? = nil,
onStatusChange: @escaping (_ newStatus: OktaAuthStatus) -> Void,
onError: @escaping (_ error: OktaError) -> Void) {

    let unauthenticatedStatus = OktaAuthStatusUnauthenticated(oktaDomain: url)
    unauthenticatedStatus.authenticate(username: username,
                                       password: password ?? "",
                                       deviceToken: deviceToken,
                                       onStatusChange:onStatusChange,
                                       onError:onError)
}

class OktaAuthStatusUnauthenticated:

open func authenticate(username: String,
password: String,
deviceToken: String?,
onStatusChange: @escaping (_ newStatus: OktaAuthStatus) -> Void,
onError: @escaping (_ error: OktaError) -> Void) {

    restApi.primaryAuthentication(username: username,
                                  password: password,
                                  deviceToken: deviceToken,
                                  deviceFingerprint: nil)
    { result in
        self.handleServerResponse(result,
                                  onStatusChanged: onStatusChange,
                                  onError: onError)
    }
}

[IldarAbdullin-okta]

Hi @efeluke ,

Thank you for creating this ticket. I will add required functionality early next week. I will keep you posted!

Ildar

[IldarAbdullin-okta]

HI @efeluke,

According to the documentation:
Specifying your own deviceToken is a highly privileged operation limited to trusted web applications and requires making authentication requests with a valid API token. If an API token is not provided, the deviceToken will be ignored.
https://developer.okta.com/docs/reference/api/authn/#primary-authentication-with-trusted-application

Mobile application is untrusted application and can't use deviceToken. So it is by design that there is no public API for that

Ildar

[efeluke]

Why is Mobile application considered untrusted? Why does Okta SDK for Android provide that functionality?

[IldarAbdullin-okta]

Mobile applications are untrusted because they can't use admin API token due to security reasons
Regarding Android SDK, it is built on top of java SDK, and java SDK is mostly used for server applications, that is why deviceToken is available for Android. We have to fix that part in Android SDK

[eberttc]

Hi @IldarAbdullin-okta we`re using deviceToken from iOS/android sdks and they don't need API token. I found this issue okta/okta-developer-docs#782 about wrong docuemntation , could you confirm if we are in the correct way?

[IldarAbdullin-okta]

Hi @eberttc ,

I'm going to re-open this ticket and bring this to the team for discussion. There could be a chance that server just ignores deviceToken if api token is not provided. I need some assistance from server folks

Ildar