Push Token - /auth Authorization Token

I’ve been testing the push tokens for a little bit. It works great for a /validate/check but I wanted to ensure I was doing the /auth workflow properly.

I need to be able to get the authorization token and here is what I have been doing to get it:

1. Call /auth endpoint with correct PIN
2. Receive response that token needs to be confirmed on device
3. Confirm within privacyIDEA authenticator
4. Respond to the /auth with a blank PIN (using the challenge/transaction ID from #2)
5. Authorization token is provided in response

Is this the proper workflow for this or will this change in the future?

You want to get an authorization token with a PUSH token?
What is your scenario?

Basic thing is:

• If a push token confirms a notification, the challenge is marked as answered in privacyIDEA
• An application should now check, if a challenge is answered correct. This is done with the endpoint /token/challenges. See https://github.com/privacyidea/privacyidea/wiki/concept%3A-PushToken#polling-endpoint-for-application

My scenario is having a small web application that allows a user to view/edit/set PIN on their own tokens.

For all standard tokens or challenge based it works as follows:

1. Send PIN to /auth
2. Receive challenge and send challenge response back to /auth
3. Receive auth token

For push tokens I have the following setup:

1. Send PIN to /auth
2. Display notification to user to accept request on their phone
3. Poll /token/challenges until it is marked answered or it expires
4. <What do I do here to get the auth token now that the /token/challenges has been marked answered>

For #4 in the push token, I have been sending back a /auth with a blank PIN after I find the /token/challenges has been answered and it appears to function properly, but I wanted to confirm that this was the proper way to get the auth token.

If I understand you correctly, you could do this in the following way:
4. do /auth username=yourUser transaction_id=yourTransactionId
This should work