okta/okta-oidc-ios

Can't log in with duo mobile app using device trust

Opened this issue · 0 comments

Hi team,

I am using oktaOidc.signInWithBrowser(...). We integrate with Duo for MFA and device trust.

With device trust disabled, I can log in by choosing duo push or passcode. All good.

With device trust enabled:

  1. I get past the Okta login screen.
  2. I get challenged. I have to open the Duo Mobile app.
  3. Duo Mobile opens.
  4. I tap on the upper left corner to return to my app.
  5. I get redirected to the Okta login screen instead of being shown the Duo MFA options (push, passcode).

I don't see any traces in the Duo logs.

Console shows this error:
[connection] nw_read_request_report [C2] Receive failed with error "Software caused connection abort".

I think it may be related to an HTTP request made while the app is in the background.
I get the same error and behavior when I force SFSafariViewController in OKTExternalUserAgentIOS.m.

I am currently forcing mobile Safari in OKTExternalUserAgentIOS.m. I get past the Duo Mobile app and the Duo MFA. I end up back in my app with this type of custom scheme request:
{custom scheme}://{loginRedirectUrl}?code=1234abc&state=1234abc
I will try to request the tokens outside of the OIDC framework.

We have an older iOS app that uses WKWebView for the Okta login flow. It just points the WKWebView to domain.okta.com without any SDK. In this case the Duo Mobile app redirects me back to the app and I am logged in. The same is true using iOS Safari.

okta-2-sml
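
An added example, not part of the original issue and not okta-oidc-ios code: when the `code`/`state` callback shown above is handled outside the SDK, the app itself has to check the `state` and supply the PKCE verifier before exchanging the code. `PendingAuth`, its fields and the token endpoint are hypothetical, and the sketch assumes the app generated and stored the `state` and `code_verifier` when it started the request.

```swift
import Foundation

// Hypothetical holder for values the app created when it started the request.
struct PendingAuth {
    let state: String, codeVerifier: String, clientID: String
    let redirectURI: String      // the registered {custom scheme}://... value
    let tokenEndpoint: URL       // placeholder: take it from the issuer's metadata
}

enum CallbackError: Error { case malformed, wrongRedirect, stateMismatch, provider(String) }

// Compare without an early exit so timing does not reveal a partial match.
func sameState(_ a: String, _ b: String) -> Bool {
    let x = Array(a.utf8), y = Array(b.utf8)
    guard x.count == y.count else { return false }
    return zip(x, y).reduce(UInt8(0)) { $0 | ($1.0 ^ $1.1) } == 0
}

// Accept the callback only if it targets our redirect URI and echoes our state.
func authorizationCode(from callback: URL, pending: PendingAuth) throws -> String {
    guard callback.absoluteString.hasPrefix(pending.redirectURI + "?") else {
        throw CallbackError.wrongRedirect
    }
    guard let items = URLComponents(url: callback, resolvingAgainstBaseURL: false)?.queryItems
    else { throw CallbackError.malformed }
    func value(_ name: String) -> String? { items.first(where: { $0.name == name })?.value }
    if let error = value("error") { throw CallbackError.provider(error) }
    guard let state = value("state"), sameState(state, pending.state) else {
        throw CallbackError.stateMismatch
    }
    guard let code = value("code"), !code.isEmpty else { throw CallbackError.malformed }
    return code
}

// Build the authorization_code exchange, including the PKCE verifier.
func tokenRequest(code: String, pending: PendingAuth) -> URLRequest {
    let allowed = CharacterSet.alphanumerics.union(CharacterSet(charactersIn: "-._~"))
    let fields = [("grant_type", "authorization_code"), ("code", code),
                  ("redirect_uri", pending.redirectURI), ("client_id", pending.clientID),
                  ("code_verifier", pending.codeVerifier)]
    let body = fields.map { "\($0.0)=" + ($0.1.addingPercentEncoding(withAllowedCharacters: allowed) ?? "") }
        .joined(separator: "&")
    var request = URLRequest(url: pending.tokenEndpoint)
    request.httpMethod = "POST"
    request.setValue("application/x-www-form-urlencoded", forHTTPHeaderField: "Content-Type")
    request.httpBody = Data(body.utf8)
    return request
}
```

The tokens returned by this exchange still need the usual ID token validation (signature, issuer, audience, nonce) that the SDK would otherwise perform.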