Backgrounding the app during Duo push notification authentication



We’re running an integration with Duo in our app, we’re using SFAuthenticationSession to connect to an Okta endpoint and kick-off the SSO procedure which eventually leads to a two factor authentication challenge powered by Duo.

The process works fine when receiving the push notification, opening it (by sliding down on it, or by force pushing on it) and hitting Approve, but we are having a problem if we leave our application, go to the Duo app, approve the push notification within the Duo app, and then come back to our app.

When we come back to our app, we see the “Your session has expired. Please try again.” message, even though we had just approved the push notification. I’ve attached a screenshot.

Do you have any guidance around this? Is this something you have seen previously? Maybe a known issue? Or maybe this is just the way things are supposed to work and we are doing something wrong?

For what it’s worth, this seems to be related to the app being backgrounded and then being re-opened, as when the app is not backgrounded and the push notification is approved by sliding down on the notification (or force push), the authentication process works fine.

If, for example, we were to have the Duo biometric validation installed as well (I believe through Duo Access or Duo Beyond), we would always have to leave the app and come back, so I’m wondering how the login procedure should be implemented so that our session doesn’t expire when reopening the app.

Any help would be appreciated.

Thank you!


For what it’s worth, I have using both Safari View Controller and WKWebView instead of SFAuthenticationSession, but still have the same problem when coming back into the app.


Additionally, I have copied and pasted the Single Sign-On Okta link into the Safari application and the same problem persists (once leaving Safari and coming back).