I have written a web page that allows our users to manage their authentication methods. I have this working quite well with one exception. If a user mistypes their one-time password, I can't get Advanced Authentication to allow them to try again.
Here's what I am seeing.
I make these REST API calls when walking a user through setting up a new authentication method:
- Get an endpoint session
  https://{host}/api/v1/endpoints/{endpoint_ID}/sessions
- Start a login session to the Authenticators Management event
  https://{host}/api/v1/logon
  https://{host}/api/v1/logon/{endpoint_session_ID}/do_logon
- List my current templates
  https://{host}/api/v1/users/{userID}/templates?login_session_id={login_session_ID}
- Start an enrollment session
  https://qatauth.fmins.com/api/v1/enroll
  https://qatauth.fmins.com/api/v1/enroll/{login_session_ID}/do_enroll
The final step is to complete the enrollment with the verification code, which requires one more call to
- https://qatauth.fmins.com/api/v1/enroll/{login_session_ID}/do_enroll
with the one-time password. If I provide an incorrect code, this is my response, which is expected.
{ "status": "FAILED", "msg": "Incorrect One-Time Password (OTP) entered. Please re-enter your OTP.", "reason": "OTP_WRONG_PASSWORD", "msgid": "AUCORE-2015" }
However, if I try to enter the correct one-time password shortly afterward (well within the 120-second window), I get:
{ "status": "FAILED", "msg": "Enrollment process could not be found PTXtx6OhmVu5epSvjBTZ3APOKGtqw74x", "reason": "PROCESS_NOT_FOUND_OR_EXPIRED", "msgid": "AUCORE-1015" }
The system will not let me try again if I mistype the one-time password. Based on the error, it seems to destroy the enrollment session immediately after an incorrect one-time password is entered.
However, when I use the built-in page, it lets me retry as expected. So there has to be a setting somewhere that is preventing the REST API from allowing retry attempts at entering the one-time password.
Can someone help with this?
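As an added illustration (not from the poster or the Advanced Authentication product), here is a client-side policy that reacts to the two reason codes quoted above: after OTP_WRONG_PASSWORD it starts a fresh enrollment session instead of re-posting to the dead one, and it caps attempts so the retry loop cannot turn into OTP guessing. The transport is abstracted (start_enroll and submit_otp are caller-supplied callables) because the request bodies are not shown in the post; FakeAAServer is a constructed stand-in that mimics the observed behaviour, and the success response shape is an assumption.

```python
from dataclasses import dataclass, field
from typing import Callable

# Reason codes copied from the two FAILED responses quoted in the question.
OTP_WRONG_PASSWORD = "OTP_WRONG_PASSWORD"
PROCESS_NOT_FOUND_OR_EXPIRED = "PROCESS_NOT_FOUND_OR_EXPIRED"
MAX_OTP_ATTEMPTS = 3  # assumption: bound attempts so retries cannot become an OTP-guessing loop


def complete_enrollment(start_enroll: Callable[[], str],
                        submit_otp: Callable[[str, str], dict],
                        next_otp: Callable[[], str]) -> dict:
    """Drive do_enroll, restarting the enrollment session after a wrong code.

    start_enroll: runs the /enroll + do_enroll steps and returns a fresh login_session_ID.
    submit_otp:   POSTs a code to /enroll/{login_session_ID}/do_enroll and returns parsed JSON.
    next_otp:     obtains the next user-entered code (a constructed stub in the test).
    """
    session_id = start_enroll()
    for attempt in range(1, MAX_OTP_ATTEMPTS + 1):
        reply = submit_otp(session_id, next_otp())
        if reply.get("status") != "FAILED":
            return {"enrolled": True, "attempts": attempt}
        reason = reply.get("reason")
        if reason in (OTP_WRONG_PASSWORD, PROCESS_NOT_FOUND_OR_EXPIRED):
            # Observed behaviour: the server drops the enrollment process after one wrong
            # code, so re-posting to the same session only yields AUCORE-1015. Start over.
            session_id = start_enroll()
            continue
        return {"enrolled": False, "attempts": attempt, "reason": reason}
    return {"enrolled": False, "attempts": MAX_OTP_ATTEMPTS, "reason": "too_many_attempts"}


@dataclass
class FakeAAServer:
    """Constructed stand-in reproducing the behaviour described in the question."""
    correct_otp: str = "654321"
    live_sessions: set = field(default_factory=set)
    sessions_started: int = 0

    def start_enroll(self) -> str:
        self.sessions_started += 1
        sid = f"constructed-session-{self.sessions_started}"
        self.live_sessions.add(sid)
        return sid

    def submit_otp(self, sid: str, otp: str) -> dict:
        if sid not in self.live_sessions:
            return {"status": "FAILED", "reason": PROCESS_NOT_FOUND_OR_EXPIRED, "msgid": "AUCORE-1015"}
        self.live_sessions.discard(sid)  # the process is gone after any single answer
        if otp != self.correct_otp:
            return {"status": "FAILED", "reason": OTP_WRONG_PASSWORD, "msgid": "AUCORE-2015"}
        return {"status": "OK"}  # assumption: the success payload is not shown in the post
```

This assumes that a restarted enrollment session re-issues or re-displays the code to the user (true for SMS/email style methods, but a TOTP enrollment would require re-scanning a new secret).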