ForgeRock Authenticator App 3.x - Known issues and limitations

Last updated Jan 25, 2023

The purpose of this article is to provide information about known issues and limitations for the ForgeRock Authenticator App 3.x.

1 reader recommends this article

Overview

This article provides information on the following known issues and limitations:

iOS and Android - Only supports Push-to-Accept type (Authenticator App 3.2)
Android - New notification permission
iOS - Push accounts stop working after uninstalling and reinstalling the app
Android - Some special characters from registration QR Codes or URLs are decoded incorrectly
Limitations

iOS and Android - Only supports Push-to-Accept type (Authenticator App 3.2)

The iOS (including the Apple watch) and Android authenticator apps released with 3.2 do not support the Display Challenge Code or Use Biometrics to Accept push authentication types. Tap to Accept (the default) is the only push type supported at this time.

If you are using the iOS Apple watch, you must use the Authenticator app on the phone to accept these types of push authentication.

Android - New notification permission

When upgrading your device to Android 13, you may be asked to allow notifications from the app. Notifications are required in order to process Push Authentication requests.

If you select the 'Allow' option, you will continue to receive Push Authentication requests normally.
If you select the 'Don't allow' option, the app won't be able to process Push notifications anymore. However, if you change your mind, you can manually enable them via Android Settings.
If you swipe away from the dialog, and don't select either 'Allow' or 'Don't allow', the current notification permission setting remains the same.

iOS - Push accounts stop working after uninstalling and reinstalling the app

Steps to reproduce

Install the authenticator app on an iOS device.
Register a push authentication notification account, and confirm it works as expected.
Uninstall the app from the device.
Install the app again.
Trigger a new push authentication notification request.

Expected result

The device receives the new push notification.

Actual result

The device does not receive the new push notification.

Workaround

On your device, remove the push authentication account from the ForgeRock Authenticator app.
Afterwards, register the account with the app again.

To enable push notifications on your iOS device:

On the home screen, click Settings.
On the Settings menu, click Notifications.
Look for the ForgeRock Authenticator app.
Click Allow Notifications.
Choose options for how to receive push notifications.

To show the contents of notifications on the Lock Screen without unlocking your device:

Go to Settings > Notifications > Show Previews.
Select Always.

Android - Some special characters from registration QR Codes or URLs are decoded incorrectly

Steps to reproduce

Some special characters in the registration URLs (or QR Codes) are not decoded properly by the Authenticator app during the registration of Push and OATH accounts. This can lead to the app displaying incomplete issuer or account names. For example, if the issuer in the registration URL is "AT&T", the Authenticator app may display "AT".

SVG is not a valid image format for the account logo. The app only supports JPG and PNG formats.
OTP codes should contain six or eight digits.
The period limit for TOTP accounts is 99 seconds.
Push Notifications expiration counting starts when the Authenticator app receives the notification.
The Authenticator app supports up to two MFA methods for the same account (issuer + account name). The methods cannot be of the same type.
Registering an OATH account via links does not work in iOS version 15.
Android devices without Google Play services do not support the Authenticator app.
In rare cases, on some iOS 12.x devices, the Authenticator app may not receive push notifications when the app is not running.

Workaround: Start the authenticator app and resend a push notification authentication request.