I'm writing an iOS/iPadOS application to help pilots accomplish their monthly schedules. The resources I need to access are protected by my company's Okta implementation. I can access these resources through a web browser. When I do, I'm prompted for my username, password, and push request. After I'm authenticated, I have access to the resources and APIs.
How best can I access those resources inside of the app I'm developing?
Note that since my app is not an official company app, I've run into difficulty with finding the right department to get it registered. Even if I find the right person, I'm not sure they will allow me to register it. To be clear, I have the permission to access the protected resources.
Additionally, other, similar third-party apps exist for this function, and their use is accepted by the company--though not officially.
Right now I'm opening up a WKWebView to the protected website. The user then authenticates and I hide the WKWebView. In the background, I access the necessary APIs and resources. However, this feels very clunky. Is there a better way?
Strictly speaking, you can, under 2 assumptions.
You can capture the username and password on your site/page/screen (if a user agrees to enter them on your site) and then you can use the Okta Authentication API to validate these credentials.
There might be an MFA policy involved in the authentication process on the Okta side, so the response which you receive will indicate that. My previous experience shows, though, that if the credentials are invalid you'll not be able to get to this point.
So it's your choice at this point to decide whether you want to consider your user authenticated w/o confirming their MFA (I'd not recommend that, of course, for production-grade apps).
If you plan to fully support MFA as well, you will have to design the relevant MFA challenge/response screens for each MFA method used in your company's MFA policies (email, phone, OTP ...).
Here is some documentation for you: https://developer.okta.com/docs/reference/api/authn
But a better way would be registering your application in Okta and using the regular OIDC authentication flow with a supported Okta SDK for the Mac ecosystem.
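As an added illustration of the response handling the answer above describes (not part of the original answer and not Okta SDK code): a Swift example that decodes the body returned by the Authentication API's primary authentication call (`POST /api/v1/authn`) and treats only a `SUCCESS` status carrying a `sessionToken` as signed in, so `MFA_REQUIRED` leads to a factor challenge instead of access. The type and function names and the sample JSON values are assumptions constructed for this example.

```swift
import Foundation

// Subset of the Authentication API transaction response used here.
struct AuthnResponse: Decodable {
    struct Factor: Decodable { let id: String; let factorType: String }
    struct Embedded: Decodable { let factors: [Factor]? }
    let status: String
    let stateToken: String?
    let sessionToken: String?
    let embedded: Embedded?
    enum CodingKeys: String, CodingKey {
        case status, stateToken, sessionToken
        case embedded = "_embedded"
    }
}

enum SignInStep: Equatable {
    case authenticated(sessionToken: String)
    case needsFactor(stateToken: String, factorTypes: [String])
    case denied(reason: String)
}

// Hypothetical helper: maps a response body to the next UI step, failing closed.
func nextStep(for body: Data) -> SignInStep {
    // Error bodies (e.g. for invalid credentials) carry no "status" and fail to decode.
    guard let r = try? JSONDecoder().decode(AuthnResponse.self, from: body) else {
        return .denied(reason: "no transaction status in response")
    }
    switch r.status {
    case "SUCCESS":
        guard let token = r.sessionToken else { return .denied(reason: "SUCCESS without sessionToken") }
        return .authenticated(sessionToken: token)
    case "MFA_REQUIRED":
        // Password was accepted, but the user is NOT signed in until a factor is verified.
        guard let state = r.stateToken else { return .denied(reason: "MFA_REQUIRED without stateToken") }
        let types = r.embedded?.factors?.map { $0.factorType } ?? []
        return .needsFactor(stateToken: state, factorTypes: types)
    default:
        // LOCKED_OUT, PASSWORD_EXPIRED, MFA_ENROLL, unknown values: never treat as signed in.
        return .denied(reason: "unhandled status \(r.status)")
    }
}

// Constructed sample bodies; token and factor values are placeholders.
let mfa = Data(#"{"status":"MFA_REQUIRED","stateToken":"STATE-PLACEHOLDER","_embedded":{"factors":[{"id":"FACTOR-ID","factorType":"push","provider":"OKTA"}]}}"#.utf8)
let ok = Data(#"{"status":"SUCCESS","sessionToken":"SESSION-PLACEHOLDER"}"#.utf8)
print(nextStep(for: mfa))
print(nextStep(for: ok))
```

The `needsFactor` case is where the per-method MFA screens mentioned in the answer would be driven from the returned factor types.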