Integrate MFA using OATH one-time passwords
This topic explains how to integrate support for OATH one-time passwords into your projects that use the ForgeRock Authenticator module.
Prerequisites
To integrate OATH one-time passwords into your application that uses the ForgeRock Authenticator module, ensure you have completed the following tasks first:
- Configure your ForgeRock server to request a one-time password during the authentication journey.
- Integrate the ForgeRock Authenticator module into your app.
- Start the ForgeRock Authenticator module in your app.
Sample apps
You can find example source code for integrating one-time passwords in the sample authenticator application repositories on GitHub:
Step 1. Register your app
The first time you authenticate, you are asked to register a device by scanning a QR code.
Your application must implement a QR code scanning mechanism. The QR code contains the URI used for registering the device, although you could also offer a method for entering the URI manually.
After obtaining the URI, register the authentication mechanism in your app:
Register the OATH mechanism by calling the FRAClient.createMechanismFromUri() method, and use FRAListener to receive the newly created mechanism:
Android (Java):

    fraClient.createMechanismFromUri("qrcode_scan_result", new FRAListener<Mechanism>() {
        @Override
        public void onSuccess(Mechanism mechanism) {
            // called when device enrollment was successful.
        }

        @Override
        public void onFailure(final MechanismCreationException e) {
            // called when device enrollment has failed.
        }
    });

iOS (Swift):

    guard let fraClient = FRAClient.shared else {
        print("FRAuthenticator SDK is not initialized")
        return
    }
    fraClient.createMechanismFromUri(uri: url, onSuccess: { (mechanism) in
        // Method call occurs when device enrollment is successful.
    }, onError: { (error) in
        // Method call occurs when device enrollment fails.
    })
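The scan result (or a manually entered URI) is untrusted input until it has been checked. The following Java class is an added example, not code from the ForgeRock SDK or its sample apps: it screens the string before it is handed to createMechanismFromUri(). It assumes the registration URI follows the common otpauth:// key URI layout; OathUriCheck, reject() and the 26-character minimum are hypothetical names and policy choices.

```java
import java.net.URI;
import java.net.URLDecoder;
import java.util.HashMap;
import java.util.Map;

// Added example (not ForgeRock SDK code): screen a scanned QR payload before registration.
// Assumed layout: otpauth://totp|hotp/<label>?secret=<base32>&digits=..&period=..
public final class OathUriCheck {
    // RFC 4226 asks for at least 128 bits of shared secret = 26 Base32 characters.
    // Policy assumption: adjust to the secret length your server issues.
    static final int MIN_SECRET_CHARS = 26;

    /** Returns null when the payload is acceptable, otherwise the reason it was refused. */
    public static String reject(String scanned) {
        if (scanned == null || scanned.length() > 2048) return "missing or oversized payload";
        Map<String, String> q = new HashMap<>();
        String type;
        try {
            URI uri = new URI(scanned.trim());
            if (!"otpauth".equalsIgnoreCase(uri.getScheme())) return "unexpected scheme";
            type = uri.getHost();                        // mechanism type sits in the authority part
            String raw = uri.getRawQuery() == null ? "" : uri.getRawQuery();
            for (String pair : raw.split("&")) {
                int eq = pair.indexOf('=');
                if (eq < 1) continue;                    // skip empty or nameless pairs
                String value = URLDecoder.decode(pair.substring(eq + 1), "UTF-8");
                if (q.put(pair.substring(0, eq), value) != null) return "duplicate parameter";
            }
        } catch (Exception e) {                          // malformed URI or percent-encoding
            return "unparseable payload";
        }
        boolean totp = "totp".equalsIgnoreCase(type), hotp = "hotp".equalsIgnoreCase(type);
        if (!totp && !hotp) return "not an OATH mechanism type";
        String secret = q.getOrDefault("secret", "").replaceAll("=+$", "");
        if (!secret.matches("[A-Za-z2-7]{" + MIN_SECRET_CHARS + ",}")) return "secret missing, not Base32, or too short";
        if (!q.getOrDefault("digits", "6").matches("[68]")) return "digits must be 6 or 8";
        if (totp && !q.getOrDefault("period", "30").matches("[1-9][0-9]{0,2}")) return "period out of range";
        if (hotp && !q.getOrDefault("counter", "0").matches("[0-9]{1,18}")) return "counter not numeric";
        return null;                                     // never log the payload: it carries the secret
    }

    public static void main(String[] args) {
        // Constructed sample payloads; the secrets are made-up values.
        String ok = "otpauth://totp/Example:demo?secret=JBSWY3DPEHPK3PXPJBSWY3DPEHPK3PXP&digits=6&period=30";
        String wrongScheme = "https://example.com/?secret=JBSWY3DPEHPK3PXPJBSWY3DPEHPK3PXP";
        String weak = "otpauth://totp/Example:demo?secret=JBSWY3DP";
        for (String s : new String[] {ok, wrongScheme, weak})
            System.out.println(reject(s) == null ? "accept" : "refuse: " + reject(s));
    }
}
```

Call reject() on the scan result and pass the string to createMechanismFromUri() only when it returns null; show the refusal reason to the user rather than writing the payload to logs.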
Step 2. Generate one-time passwords
With the OATH mechanisms now registered, your app can obtain the current and next tokens as an OathTokenCode object: