Note: The examples in this guide use Java 11 and Spring Boot MVC.
1: Your app displays the sign-in page
Create a sign-in page that captures the user's username.
Note: The account's username is also its primary email address.
2: The user submits their username
When the user submits their username, create an AuthenticationOptions
object and assign its username
property to the value entered by the user. Pass this object as a parameter to IdxAuthenticationWrapper.authenticate()
.
3. The user verifies their identity with the email authenticator
authenticate()
returns an AuthenticationResponse
object. Query its AuthenticationStatus
property to discover the current status of the authentication process. A status of AWAITING_AUTHENTICATOR_VERIFICATION
indicates that the user needs to verify their identity with the email authenticator challenge.
The email authenticator supports user verification by one-time passcode (OTP) and by magic links. To learn more, see the Okta email integration guide.
4. Your app handles an authentication success response
After the user verifies their identity using the email authenticator, the status of the authentication process is Success
. Call AuthenticationResponse.getTokenResponse()
to retrieve the user's OIDC claims information and pass it into your application. The user has now signed in. Store these tokens for future requests and redirect the user to the default page.
Note: In cases where additional sign-in authenticators are required, the user needs to choose and verify all required authenticators before Identity Engine returns an AuthenticationStatus
equal to SUCCESS
.