why the queries of FetchSecAuthOTPTask is executed while GetOTPTask call

book

Article ID: 102680

calendar_today

Updated On:

Products

CA Rapid App Security CA Advanced Authentication CA API Gateway

Issue/Introduction

FetchSecAuthOTPTask vs GetOTPTask

Why the queries of FetchSecAuthOTPTask is executed while GetOTPTask being called? 

Environment

Applicable for all the envs

Resolution

Usually in secondary authentication flow where OTP authentication is required, first FetchSecAuthOTPTask is invoked to check mainly the status of OTP credential (whether it is locked, deleted or disabled) for the  user. Hence you are finding the queries of FetchSecAuthOTPTask.
In case credential status it ok or not found, then GetOTPTask is invoked to create a new OTP that is sent to user by e-mail or SMS.
 
FetchSecAuthOTPTask
This class Fetches the OTP credential during different secondary authentication flows like if computer is public device from Risk point of view and OTP has to be sent by e-mail or SMS. Similarly,  when ArcotID has to be downloaded on public device, then OTP credentials are fetched during this call to sent it via e-mail or SMS. The main purpose of this class is to fetch OTP credentials and check whether it is locked, disabled or deleted. Otherwise, GetOTPTask is invoked to create an OTP.
 
GetOTPTask
Creates OTP credential for user mainly during enrollment flow. This call is also invoked in above mentioned scenarios when OTP is not locked or disabled or deleted, in order to create a new OTP.
 

Additional Information

https://communities.ca.com/message/242121552