Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Issue with the authentication response if only username is passed #171

Open
HarshaVardhanAnde opened this issue Jul 6, 2022 · 4 comments
Open

Issue with the authentication response if only username is passed #171

HarshaVardhanAnde opened this issue Jul 6, 2022 · 4 comments
Assignees
@bryanapellanes-okta
Labels
bug Something isn't working OKTA-512374

Comments

@HarshaVardhanAnde
Copy link

HarshaVardhanAnde commented Jul 6, 2022
edited
Loading

Describe the bug?

In OKTA Authentication Policy Rule, "User must authenticate with" is set to Possession Factor (or) Any 1 factor type (or) Any 2 factor types. For OKTA Authn API(Primary Authn) when only username is passed, in response we get all the authenticator factors list. But using Okta Idx dotnet sdk AuthenticatorAsync() method we are getting only password factor in authenticators list which is not expected.

OKTA Browser -
Endpoint - https://oie-tecnics-dev.oktapreview.com/idp/idx/identify
Payload - {"identifier":"username", "stateHandle":"statehandle-value"}
Response - https://jsonblob.com/1022053725833019392

SDK - AuthenticatorAsync() method
Payload - {"username" : "username"}
Response - https://jsonblob.com/1022050865690984448

What is expected to happen?

In authentication policies rule if "User must authenticate with" value is set to Possession Factor (or) Any 1 factor type (or) Any 2 factor types and when user gives only username in the payload we should get all the authenticators factors list as per the authentication policy rule set for the user.

What is the actual behavior?

In authentication policies rule if "User must authenticate with" value is set to is set to Possession Factor (or) Any 1 factor type (or) Any 2 factor types and when user gives only username in the payload for sdk AuthenticatorAync() method is returning only password factor in authenticators list.

Reproduction Steps?

  1. In authentication policies rule if "User must authenticate with" value is set to is set to Possession Factor (or) Any 1 factor type (or) Any 2 factor types
  2. Using sdk AuthenticatorAsync() method pass only the username in payload.

Additional Information?

No response

.NET Version

.NET Core 3.1

SDK Version

Okta.Idx.Sdk 2.2.1 (latest dotnet sdk)

OS version

Windows 11 :

BuildNumber Caption OSArchitecture Version
22000 Microsoft Windows 11 Pro 64-bit 10.0.22000

Windows 10 :
BuildNumber Caption OSArchitecture Version
19044 Microsoft Windows 10 Pro 64-bit 10.0.19044
@HarshaVardhanAnde HarshaVardhanAnde added the bug Something isn't working label Jul 6, 2022
@bryanapellanes-okta
Copy link
Contributor

@HarshaVardhanAnde Thanks for reaching out and bringing this to our attention! We will need to investigate further, I've opened an internal ticket for reference: OKTA-512374

@HarshaVardhanAnde
Copy link
Author

Thank you @bryanapellanes-okta for your quick response.

@bryanapellanes-okta
Copy link
Contributor

@HarshaVardhanAnde Beginning preliminary investigation into this issue; I notice that the links you provide for the responses on jsonblob.com reference blobs that don't or no longer exist. Please provide the content of those responses here.

@bryanapellanes-okta bryanapellanes-okta self-assigned this Aug 19, 2022
@HarshaVardhanAnde
Copy link
Author

@bryanapellanes-okta Please find the latest responses in the JSON Blob
SDK - AuthenticatorAsync() method
Payload - {"username" : "username"}
Response - https://jsonblob.com/1011954371394813952

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@bryanapellanes-okta bryanapellanes-okta

Labels
bug Something isn't working OKTA-512374
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@bryanapellanes-okta @HarshaVardhanAnde