I am testing the custom b2c policy sign-in-with-authenticator from github (link below). The one issue i have is getting desktop authenticators to work because they cannot read the QR code. I have tried to somehow display the secret returned from the service but i can't seem to get it to the page like the QR Code bitmap itself. How can i show the secret for users that are logging in with a desktop authenticator?
0
votes
1 Answers
0
votes
I did find a way to do this. In the API that the policy calls, create a new claim on the InputClaims object, send the secret as base 32 encoded string in the new field. In the TrustFrameworkExtensions policy, add a new claim to hold it, in the technical profile for authenticator registration, add that claim as an input and output claim, add the required attribute to the input claim. Now the claim will show on the page in a hidden text field that you can use to populate a link for the secret that can be entered into desktop auth apps.
