Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Okta Verify Fast Pass as an enrolled Factor is not returned #965

Closed
azahur opened this issue Dec 14, 2023 · 8 comments
Closed

Okta Verify Fast Pass as an enrolled Factor is not returned #965

azahur opened this issue Dec 14, 2023 · 8 comments
Assignees
@arvindkrishnakumar-okta
Labels
bug OKTA-678100 waiting-for-feedback

Comments

@azahur
Copy link

azahur commented Dec 14, 2023
edited by arvindkrishnakumar-okta
Loading

Describe the bug?

The List returned from the following code, has all the user Factors enrolled but the Okta verify fastpass.
The Post man API call which is also calling the same end point returns the correct list

	UserFactorApi userFactorApi = new UserFactorApi(client);

        List factors= userFactors.getUserEnrolledFactors("[email protected]");	
	private List getUserEnrolledFactors(String email) {
		String id=this.getUserId(email);
		
		
		return userFactorApi.listFactors(id);
	}
	private String getUserId(String email) {
		String result = null;
		User user = userApi.getUser(email);
		return user.getId();
	}

What is expected to happen?

The List should include all enrolled user factors

What is the actual behavior?

returned list is missing an enrolled okta verify fastpass factor

Reproduction Steps?

Simply call the API

UserFactorApi userFactorApi = new UserFactorApi(client);

List factors= userFactors.getUserEnrolledFactors("[email protected]");	
Private List getUserEnrolledFactors(String email) {
		String id=this.getUserId(email);
		
		
		return userFactorApi.listFactors(id);
	}
private String getUserId(String email) {
		String result = null;
		User user = userApi.getUser(email);
		return user.getId();
}

Java Version

jdk-17.0.5

SDK Version

<dependency>
    <groupId>com.okta.sdk</groupId>
    <artifactId>okta-sdk-api</artifactId>
    <version>14.0.0</version>
</dependency>
com.okta.sdk okta-sdk-impl 14.0.0

OS version

No response
@azahur azahur added the bug label Dec 14, 2023
@arvindkrishnakumar-okta arvindkrishnakumar-okta changed the title OKTA java SDK does not return Okta Verify Fast Pass as an enrolled Factor SDK does not return Okta Verify Fast Pass as an enrolled Factor Dec 15, 2023
@arvindkrishnakumar-okta
Copy link
Contributor

@azahur Thanks for posting! I'll take a look and get back.

@arvindkrishnakumar-okta
Copy link
Contributor

@azahur can you please paste the POSTMAN output with sensitive details masked?

@azahur
Copy link
Author

azahur commented Dec 16, 2023
edited by arvindkrishnakumar-okta
Loading

here is postman output for list factors for uid

[
    {
        "id": "sfsdfsfsgsgsgsgsgg",
        "factorType": "signed_nonce",
        "provider": "OKTA",
        "vendorName": "OKTA",
        "status": "ACTIVE",
        "created": "2023-11-07T22:41:14.000Z",
        "lastUpdated": "2023-11-07T22:41:14.000Z",
        "profile": {
            "credentialId": "[email protected]",
            "deviceType": "Tablet_Windows",
            "name": "ComputerName",
            "platform": "WINDOWS",
            "version": "10.0.19045.3570",
            "keys": [
                {
                    "kty": "RSA",
                    "use": "sig",
                    "kid": "default",
                    "e": "AQAB",
                    "n": "blanked POP key",
                    "jwkType": "proofOfPossession"
                },
                {
                    "kty": "RSA",
                    "use": "sig",
                    "kid": "default",
                    "e": "AQAB",
                    "n": "blanked userVerificationKey": "userVerification"
                }
            ]
        },
        "_links": {
            "self": {
                "href": "https://myokta.okta.com/api/v1/users/blanked/factors/sfsdfsfsgsgsgsgsgg",
                "hints": {
                    "allow": [
                        "GET",
                        "DELETE"
                    ]
                }
            },
            "user": {
                "href": "https://myokta.okta.com/api/v1/users/blanked",
                "hints": {
                    "allow": [
                        "GET"
                    ]
                }
            }
        }
    },
    {
        "id": "blanked",
        "factorType": "signed_nonce",
        "provider": "OKTA",
        "vendorName": "OKTA",
        "status": "ACTIVE",
        "created": "2023-10-18T22:39:05.000Z",
        "lastUpdated": "2023-10-18T22:39:05.000Z",
        "profile": {
            "credentialId": "[email protected]",
            "deviceType": "SmartPhone_IPhone",
            "name": "iPhone",
            "platform": "IOS",
            "version": "16.7.1",
            "keys": [
                {
                    "kty": "EC",
                    "use": "sig",
                    "kid": "default",
                    "x": "blanked ",
                    "y": "blanked",
                    "crv": "P-256",
                    "jwkType": "proofOfPossession"
                },
                {
                    "kty": "EC",
                    "use": "sig",
                    "kid": "default",
                    "x": "blanked",
                    "y": "blanked",
                    "crv": "P-256",
                    "jwkType": "userVerification"
                }
            ]
        },
        "_links": {
            "self": {
                "href": "https://myokta.okta.com/api/v1/users/blanked/factors/blanked",
                "hints": {
                    "allow": [
                        "GET",
                        "DELETE"
                    ]
                }
            },
            "user": {
                "href": "https://myokta.okta.com/api/v1/users/blanked",
                "hints": {
                    "allow": [
                        "GET"
                    ]
                }
            }
        }
    },
    {
        "id": "blanked",
        "factorType": "email",
        "provider": "OKTA",
        "vendorName": "OKTA",
        "status": "ACTIVE",
        "profile": {
            "email": "[email protected]"
        },
        "_links": {
            "self": {
                "href": "https://myokta.okta.com/api/v1/users/blanked/factors/blanked",
                "hints": {
                    "allow": [
                        "GET",
                        "DELETE"
                    ]
                }
            },
            "verify": {
                "href": "https://myokta.okta.com/api/v1/users/blanked/factors/blanked/verify",
                "hints": {
                    "allow": [
                        "POST"
                    ]
                }
            },
            "user": {
                "href": "https://myokta.okta.com/api/v1/users/blanked",
                "hints": {
                    "allow": [
                        "GET"
                    ]
                }
            }
        }
    },
    {
        "id": "blanked",
        "factorType": "webauthn",
        "provider": "FIDO",
        "vendorName": "FIDO",
        "status": "ACTIVE",
        "created": "2023-10-17T15:43:04.000Z",
        "lastVerified": "2023-10-18T17:16:47.000Z",
        "lastUpdated": "2023-10-17T15:43:04.000Z",
        "profile": {
            "credentialId": "blanked",
            "appId": null,
            "version": null,
            "authenticatorName": "YubiKey 5 with NFC"
        },
        "_links": {
            "self": {
                "href": "https://myokta.okta.com/api/v1/users/blanked/factors/blanked",
                "hints": {
                    "allow": [
                        "GET",
                        "DELETE"
                    ]
                }
            },
            "verify": {
                "href": "https://myokta.okta.com/api/v1/users/blanked/factors/blanked/verify",
                "hints": {
                    "allow": [
                        "POST"
                    ]
                }
            },
            "user": {
                "href": "https://myokta.okta.com/api/v1/users/blanked",
                "hints": {
                    "allow": [
                        "GET"
                    ]
                }
            }
        }
    },
    {
        "id": "blanked",
        "factorType": "webauthn",
        "provider": "FIDO",
        "vendorName": "FIDO",
        "status": "ACTIVE",
        "created": "2023-10-18T23:48:26.000Z",
        "lastVerified": "2023-11-29T03:44:44.000Z",
        "lastUpdated": "2023-10-18T23:48:26.000Z",
        "profile": {
            "credentialId": "blanked",
            "appId": null,
            "version": null,
            "authenticatorName": "Windows Hello Hardware Authenticator"
        },
        "_links": {
            "self": {
                "href": "https://myokta.okta.com/api/v1/users/blanked/factors/blanked",
                "hints": {
                    "allow": [
                        "GET",
                        "DELETE"
                    ]
                }
            },
            "verify": {
                "href": "https://myokta.okta.com/api/v1/users/blanked/factors/blanked/verify",
                "hints": {
                    "allow": [
                        "POST"
                    ]
                }
            },
            "user": {
                "href": "https://myokta.okta.com/api/v1/users/blanked",
                "hints": {
                    "allow": [
                        "GET"
                    ]
                }
            }
        }
    },
    {
        "id": "blanked",
        "factorType": "webauthn",
        "provider": "FIDO",
        "vendorName": "FIDO",
        "status": "ACTIVE",
        "created": "2023-10-19T23:22:52.000Z",
        "lastVerified": "2023-10-19T23:22:52.000Z",
        "lastUpdated": "2023-12-06T19:09:35.000Z",
        "profile": {
            "credentialId": "blanked",
            "appId": null,
            "version": null,
            "authenticatorName": "Authenticator"
        },
        "_links": {
            "self": {
                "href": "https://myokta.okta.com/api/v1/users/blanked/factors/blanked",
                "hints": {
                    "allow": [
                        "GET",
                        "DELETE"
                    ]
                }
            },
            "verify": {
                "href": "https://myokta.okta.com/api/v1/users/blanked/factors/blanked/verify",
                "hints": {
                    "allow": [
                        "POST"
                    ]
                }
            },
            "user": {
                "href": "https://myokta.okta.com/api/v1/users/blanked",
                "hints": {
                    "allow": [
                        "GET"
                    ]
                }
            }
        }
    },
    {
        "id": "blanked",
        "factorType": "push",
        "provider": "OKTA",
        "vendorName": "OKTA",
        "status": "ACTIVE",
        "created": "2023-10-18T22:39:05.000Z",
        "lastUpdated": "2023-10-18T22:39:05.000Z",
        "profile": {
            "credentialId": "[email protected]",
            "deviceType": "SmartPhone_IPhone",
            "keys": [
                {
                    "kty": "EC",
                    "use": "sig",
                    "kid": "default",
                    "x": "blanked",
                    "y": "blanked",
                    "crv": "P-256"
                }
            ],
            "name": "azahur iPhone",
            "platform": "IOS",
            "version": "16.7.1"
        },
        "_links": {
            "self": {
                "href": "https://myokta.okta.com/api/v1/users/blanked/factors/blanked",
                "hints": {
                    "allow": [
                        "GET",
                        "DELETE"
                    ]
                }
            },
            "verify": {
                "href": "https://myokta.okta.com/api/v1/users/blanked/factors/blanked/verify",
                "hints": {
                    "allow": [
                        "POST"
                    ]
                }
            },
            "user": {
                "href": "https://myokta.okta.com/api/v1/users/blanked",
                "hints": {
                    "allow": [
                        "GET"
                    ]
                }
            }
        }
    },
    {
        "id": "blanked",
        "factorType": "token:software:totp",
        "provider": "OKTA",
        "vendorName": "OKTA",
        "status": "ACTIVE",
        "created": "2023-10-18T22:39:05.000Z",
        "lastUpdated": "2023-10-18T22:39:05.000Z",
        "profile": {
            "credentialId": "xxx.example.com"
        },
        "_links": {
            "self": {
                "href": "https://myokta.okta.com/api/v1/users/blanked/factors/blanked",
                "hints": {
                    "allow": [
                        "GET",
                        "DELETE"
                    ]
                }
            },
            "verify": {
                "href": "https://myokta.okta.com/api/v1/users/blanked/factors/blanked/verify",
                "hints": {
                    "allow": [
                        "POST"
                    ]
                }
            },
            "user": {
                "href": "https://myokta.okta.com/api/v1/users/blanked",
                "hints": {
                    "allow": [
                        "GET"
                    ]
                }
            }
        }
    }
]

@arvindkrishnakumar-okta arvindkrishnakumar-okta changed the title SDK does not return Okta Verify Fast Pass as an enrolled Factor Okta Verify Fast Pass as an enrolled Factor is not returned Dec 18, 2023
@arvindkrishnakumar-okta
Copy link
Contributor

arvindkrishnakumar-okta commented Feb 9, 2024
edited
Loading

@azahur Apologies for the delay!

We're basically looking for "factorType": "push" in the result of 'getUserEnrolledFactors(..)' when you mention the factor type "Okta Verify". Are you saying you don't see that in the list returned by API response? Are you able to see the factor when you query it by the factor id (i.e. getFactor(userId, factorId))?

@azahur
Copy link
Author

azahur commented Feb 9, 2024

the update on this is that all factors that of type
"factorType": "signed_nonce",
Appear as Null in the list returned by the API call userFactorApi.listFactors(id);
Push and TOTP factors appear in the list, but Okta verify desktop (fastpass) etc that are of type signed_nonce appear as null
The postman call actually returns all factors correctly

@arvindkrishnakumar-okta
Copy link
Contributor

Thanks for the update, I'll do more digging and post back.

arvindkrishnakumar-okta added a commit that referenced this issue Feb 22, 2024
@arvindkrishnakumar-okta
Fix issue #965 - add signed_nonce factor type in discriminator mapping
64ce5c1
Merged
13 tasks
@arvindkrishnakumar-okta
Copy link
Contributor

@azahur Can you try the above fix and let me know if it works in your env? Try building the SDK after applying the above fix and try the API again.

arvindkrishnakumar-okta added a commit that referenced this issue Feb 23, 2024
@arvindkrishnakumar-okta
Fix issue #965 - add signed_nonce factor type in discriminator mapp…
fa8537e 
…ing (#985)

Fix issue #965 - add signed_nonce factor type in discriminator mapping
@arvindkrishnakumar-okta
Copy link
Contributor

Fix merged to main/master branch.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@arvindkrishnakumar-okta arvindkrishnakumar-okta

Labels
bug OKTA-678100 waiting-for-feedback
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@arvindkrishnakumar-okta @azahur