okta/okta-oidc-ios

[PKCE] How to set authentication state from accessToken and refreshToken

Closed this issue · 2 comments

I’m using the OktaOidc (v3.10.2) and OktaAuthNative (v2.4.2) SDKs on iOS to log a user in through an SSO flow (PKCE). Our SSO process has the backend performing the authentication and providing the final accessToken and refreshToken for the clients to use.

The only two APIs available to us on the iOS SDK seem to be OktaAuthSdk.authenticate(with: url, username: username, password: password) and OktaOidc().authenticate(withSessionToken: token). However, our backend system calls /v1/authorize and /v1/token on our behalf and provides the native app with the refresh and access tokens it should use going forward. Is there a way to set these in the SDK directly, or a way to create an OktaOidcStateManager from just this information?

https://devforum.okta.com/t/ios-sdk-pkce-how-to-set-authentication-state-from-accesstoken-and-refreshtoken/14403

Hey @apersaud,
Your question needs some time for us to research. I created internal ticket OKTA-399154 for that purpose.

In general, you cannot set the access or refresh token yourself in our SDK. I think the case you described is not how it should work, because Okta, as the Identity Provider, generates the access and refresh tokens. You may reach out to the support team regarding the correctness of your architecture.

Hi @apersaud,
I analyzed your feature request, and here is my conclusion based on the description you provided.

Your backend acts as the Client Application, so it receives the Access Token and Refresh Token. Your native iOS app becomes the Resource Owner. The Resource Owner doesn't possess tokens; only the Client Application can have tokens.

[image: OAuth2 roles]

The iOS SDK is not supposed to act as the Resource Owner; it acts as the Client Application. So your flow cannot be applied in the SDK.
If you do need to set the tokens yourself, you can fork the repository and make the corresponding changes.

Thanks for using Okta!
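For comparison, this added example (not code from the issue or from the okta-oidc-ios project) shows the role split the maintainer describes: the iOS app itself is the OAuth client, so it exchanges a one-time session token through the SDK's `authenticate(withSessionToken:)` and lets the SDK own the resulting tokens, rather than receiving raw access/refresh tokens from a backend. The issuer, client ID and redirect URIs are placeholders; `signIn` and `restoreSession` are hypothetical helper names.

```swift
import OktaOidc

// Placeholder configuration (assumed values, not from the issue); replace with your org's settings.
let config = try OktaOidcConfig(with: [
    "issuer": "https://{yourOktaDomain}/oauth2/default",
    "clientId": "{clientId}",
    "redirectUri": "com.example.app:/callback",
    "logoutRedirectUri": "com.example.app:/logout",
    "scopes": "openid profile offline_access"
])
let oktaOidc = try OktaOidc(configuration: config)

/// Exchanges an Okta session token (the result of primary authentication, e.g. from
/// OktaAuthNative or a backend that only performs primary authentication) for tokens.
/// The SDK performs the /authorize and /token calls with PKCE itself, so the app,
/// not the backend, is the Client Application that holds the tokens.
func signIn(sessionToken: String, completion: @escaping (Bool) -> Void) {
    oktaOidc.authenticate(withSessionToken: sessionToken) { stateManager, error in
        if let error = error {
            print("Token exchange failed: \(error.localizedDescription)")
            completion(false)
            return
        }
        guard let stateManager = stateManager else {
            completion(false)
            return
        }
        // The SDK persists the state manager (tokens included) in the Keychain.
        stateManager.writeToSecureStorage()
        completion(stateManager.accessToken != nil)
    }
}

/// On a later launch, restore the state manager the SDK persisted instead of trying to
/// rebuild one from raw tokens, which the SDK does not support.
func restoreSession() -> OktaOidcStateManager? {
    return OktaOidcStateManager.readFromSecureStorage(for: config)
}
```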