Backgrounding the app during Duo push notification authentication


#1

Hi,

We’re running an integration with Duo in our app; we’re using SFAuthenticationSession to connect to an Okta endpoint and kick off the SSO procedure, which eventually leads to a two-factor authentication challenge powered by Duo.

The process works fine when receiving the push notification, opening it (by sliding down on it, or by force pushing on it) and hitting Approve, but we are having a problem if we leave our application, go to the Duo app, approve the push notification within the Duo app, and then come back to our app.

When we come back to our app, we see the “Your session has expired. Please try again.” message, even though we had just approved the push notification. I’ve attached a screenshot.

Do you have any guidance around this? Is this something you have seen previously? Maybe a known issue? Or maybe this is just the way things are supposed to work and we are doing something wrong?

For what it’s worth, this seems to be related to the app being backgrounded and then being re-opened, as when the app is not backgrounded and the push notification is approved by sliding down on the notification (or force push), the authentication process works fine.

If, for example, we were to have the Duo biometric validation installed as well (I believe through Duo Access or Duo Beyond), we would always have to leave the app and come back, so I’m wondering how the login procedure should be implemented so that our session doesn’t expire when reopening the app.

Any help would be appreciated.

Thank you!


#2

For what it’s worth, I have tried using both Safari View Controller and WKWebView instead of SFAuthenticationSession, but still have the same problem when coming back into the app.


#3

Additionally, I have copied and pasted the Single Sign-On Okta link into the Safari application and the same problem persists (once leaving Safari and coming back).


#4

Hey Andrei,
Please follow up with our support and product teams, who have been in touch to learn more about this issue, when you have a chance.

Thanks!


#5

Was a solution found for this?

The Concur iOS app (an external expense management vendor used at our school) is doing the same thing. Users cannot log in via push; they have to use one of the other methods such as a code.


#6

Hi there,
I think you’ll be happy to see this:
"Duo Security has a fix in the works for this which will be rolled out to all customers by August 17, 2018. If you would like this fix enabled earlier, please email duomobilefeedback@duosecurity.com and reference this article. "

from this knowledge base article: https://help.duo.com/s/article/4344


#7

Very happy! Thank you.


#8

Sure thing! Glad to hear it!