(The purpose of the project is to create a native mobile app authenticator direct grant flow which validates mobile number and email address before issuing access and refresh tokens.)
I’m working on a Direct Grant Flow starting at an authenticator which consists of a mobile OTP and an email OTP, which is checked by issuing multiple one-time action tokens which require the OTP in the body of the HTTP request.
Everything seems to work fine, except that the final token handler is supposed to go back to the original authenticator flow and return the Access Token and Refresh Token with the following line:
return tokenContext.processFlow(true, AUTHENTICATE_PATH, tokenContext.getRealm().getDirectGrantFlow(), null, new AuthenticationProcessor());
This works, but it does not return an Access and Refresh Token, unlike the normal Direct Grant flow; instead it returns an HTML page stating the account is successfully updated.
Why does it not return the access token from the authenticator flow?
Should I recreate the code that creates access and refresh tokens in the last token handler instead?