1: Your app displays the sign-in page
Create a sign-in page that captures the user's username.
Note: The account's username is also its primary email address.
2: The user submits their username
When the user submits their username, create an AuthenticationOptions
object and assign its Username
property to the value entered by the user. Pass this object as a parameter to IdxClient.AuthenticateAsync()
.
3. The user verifies their identity with the email authenticator
AuthenticateAsync()
returns an AuthenticationResponse
object. Query its AuthenticationStatus
property to discover the current status of the authentication process. A status of AwaitingChallengeAuthenticatorSelection
indicates that the user needs to verify their identity with the email authenticator challenge.
The email authenticator supports user verification by one-time passcode (OTP) and by magic links. To learn more, see the Okta email integration guide.
4. Your app handles an authentication success response
After the user verifies their identity using the email authenticator, the status of the authentication process is Success
. Call AuthenticationHelper.GetIdentityFromTokenResponseAsync()
to retrieve the user's OIDC claims information and pass it into your application. The user has now signed in.
Store these tokens for future requests and redirect the user to the default page after a successful sign-in attempt.
Note: In cases where additional sign-in authenticators are required, the user needs to choose and verify all required authenticators before Identity Engine returns an AuthenticationStatus
equal to SUCCESS
.