public async Task EnrollSmsFactor()
{
var oktaClient = new OktaClient();
var guid = Guid.NewGuid();
// MFA Group w/ SMS policy
var groupId = "{groupId}";
var createdUser = await oktaClient.Users.CreateUserAsync(new CreateUserWithPasswordOptions
{
Profile = new UserProfile
{
FirstName = "John",
LastName = "Enroll-SMS",
Email = $"john-enroll-sms-dotnet-authn-{guid}@example.com",
Login = $"john-enroll-sms-dotnet-authn-{guid}@example.com",
},
Password = "******",
Activate = true,
});
try
{
await oktaClient.Groups.AddUserToGroupAsync(groupId, createdUser.Id);
var authnClient = TestAuthenticationClient.Create();
var authnOptions = new AuthenticateOptions()
{
Username = $"john-enroll-sms-dotnet-authn-{guid}@example.com",
Password = "******",
MultiOptionalFactorEnroll = true,
WarnBeforePasswordExpired = true,
};
var authnResponse = await authnClient.AuthenticateAsync(authnOptions);
authnResponse.Should().NotBeNull();
authnResponse.Embedded.GetArrayProperty <Factor>("factors").Should().NotBeNull();
authnResponse.Embedded.GetArrayProperty <Factor>("factors").Should().HaveCountGreaterThan(0);
authnResponse.AuthenticationStatus.Should().Be(AuthenticationStatus.MfaEnroll);
var enrollOptions = new EnrollSmsFactorOptions()
{
PhoneNumber = "+1 415 555 5555",
StateToken = authnResponse.StateToken,
};
authnResponse = await authnClient.EnrollFactorAsync(enrollOptions);
authnResponse.Should().NotBeNull();
authnResponse.AuthenticationStatus.Should().Be(AuthenticationStatus.MfaEnrollActivate);
authnResponse.GetProperty <Factor>("factor").Should().NotBeNull();
authnResponse.GetProperty <Factor>("factor").Profile.GetProperty <string>("phoneNumber").Should().NotBeNullOrEmpty();
}
finally
{
await createdUser.DeactivateAsync();
await createdUser.DeactivateOrDeleteAsync();
}
}
public async Task AuthenticateUserWithExpiredPassword()
{
var oktaClient = new OktaClient();
var guid = Guid.NewGuid();
var createdUser = await oktaClient.Users.CreateUserAsync(new CreateUserWithPasswordOptions
{
Profile = new UserProfile
{
FirstName = "John",
LastName = "Test",
Email = $"john-expired-pass-dotnet-authn-{guid}@example.com",
Login = $"john-expired-pass-dotnet-authn-{guid}@example.com",
},
Password = "******",
Activate = true,
});
try
{
await createdUser.ExpirePasswordAsync();
var authClient = TestAuthenticationClient.Create();
var authnOptions = new AuthenticateOptions()
{
Username = $"john-expired-pass-dotnet-authn-{guid}@example.com",
Password = "******",
MultiOptionalFactorEnroll = true,
WarnBeforePasswordExpired = true,
};
var authnResponse = await authClient.AuthenticateAsync(authnOptions);
authnResponse.Should().NotBeNull();
authnResponse.StateToken.Should().NotBeNullOrEmpty();
authnResponse.AuthenticationStatus.Should().Be(AuthenticationStatus.PasswordExpired);
authnResponse.Links.Should().NotBeNull();
}
finally
{
await createdUser.DeactivateAsync();
await createdUser.DeactivateOrDeleteAsync();
}
}
public async Task AuthenticateUserWithPendingEnroll()
{
var client = TestAuthenticationClient.Create();
var authnOptions = new AuthenticateOptions()
{
Username = "******",
Password = "******",
MultiOptionalFactorEnroll = true,
WarnBeforePasswordExpired = true,
};
var authnResponse = await client.AuthenticateAsync(authnOptions);
authnResponse.Should().NotBeNull();
authnResponse.Embedded.GetArrayProperty <Factor>("factors").Should().NotBeNull();
authnResponse.Embedded.GetArrayProperty <Factor>("factors").Should().HaveCountGreaterThan(0);
authnResponse.AuthenticationStatus.Should().Be(AuthenticationStatus.MfaEnroll);
}
public async Task AuthenticateUserWithInvalidCredentials()
{
var oktaClient = new OktaClient();
var guid = Guid.NewGuid();
var createdUser = await oktaClient.Users.CreateUserAsync(new CreateUserWithPasswordOptions
{
Profile = new UserProfile
{
FirstName = "John",
LastName = "Test",
Email = $"john-invalid-cred-dotnet-authn-{guid}@example.com",
Login = $"john-invalid-cred-dotnet-authn-{guid}@example.com",
},
Password = "******",
Activate = true,
});
var authClient = TestAuthenticationClient.Create();
var authnOptions = new AuthenticateOptions()
{
Username = $"john-invalid-cred-dotnet-authn-{guid}@example.com",
Password = "******",
MultiOptionalFactorEnroll = true,
WarnBeforePasswordExpired = true,
};
try
{
Func <Task> act = async() => await authClient.AuthenticateAsync(authnOptions);
act.Should().Throw <OktaApiException>();
}
finally
{
await createdUser.DeactivateAsync();
await createdUser.DeactivateOrDeleteAsync();
}
}
public async Task EnrollSecurityQuestionFactor()
{
var oktaClient = new OktaClient();
var guid = Guid.NewGuid();
// MFA Group w/ Security Question policy
var groupId = "{groupId}";
var createdUser = await oktaClient.Users.CreateUserAsync(new CreateUserWithPasswordOptions
{
Profile = new UserProfile
{
FirstName = "John",
LastName = "Enroll-Security-Question",
Email = $"john-enroll-question-dotnet-authn-{guid}@example.com",
Login = $"john-enroll-question-dotnet-authn-{guid}@example.com",
},
Password = "******",
Activate = true,
});
try
{
await oktaClient.Groups.AddUserToGroupAsync(groupId, createdUser.Id);
var authnClient = TestAuthenticationClient.Create();
var authnOptions = new AuthenticateOptions()
{
Username = $"john-enroll-question-dotnet-authn-{guid}@example.com",
Password = "******",
MultiOptionalFactorEnroll = true,
WarnBeforePasswordExpired = true,
};
var authnResponse = await authnClient.AuthenticateAsync(authnOptions);
authnResponse.Should().NotBeNull();
authnResponse.Embedded.GetArrayProperty <Factor>("factors").Should().NotBeNull();
authnResponse.Embedded.GetArrayProperty <Factor>("factors").Should().HaveCountGreaterThan(0);
authnResponse.AuthenticationStatus.Should().Be(AuthenticationStatus.MfaEnroll);
var enrollOptions = new EnrollSecurityQuestionFactorOptions()
{
Question = "name_of_first_plush_toy",
Answer = "blah",
StateToken = authnResponse.StateToken,
};
authnResponse = await authnClient.EnrollFactorAsync(enrollOptions);
authnResponse.Should().NotBeNull();
authnResponse.AuthenticationStatus.Should().Be(AuthenticationStatus.MfaEnroll);
// Authenticate after enroll
authnResponse = await authnClient.AuthenticateAsync(authnOptions);
authnResponse.Should().NotBeNull();
authnResponse.AuthenticationStatus.Should().Be(AuthenticationStatus.Success);
}
finally
{
await createdUser.DeactivateAsync();
await createdUser.DeactivateOrDeleteAsync();
}
}
