I’ve been testing the push tokens for a little bit. It works great for a /validate/check but I wanted to ensure I was doing the /auth workflow properly.
I need to be able to get the authorization token and here is what I have been doing to get it:
- Call /auth endpoint with correct PIN
- Receive response that token needs to be confirmed on device
- Confirm within privacyIDEA authenticator
- Respond to the /auth with a blank PIN (using the challenge/transaction ID from #2)
- Authorization token is provided in response
Is this the proper workflow for this or will this change in the future?