In my tenant, I’m using getAccessTokenSilently to request a new MFA API access token,
Although I set the Require Multi-factor Auth = Never and Disabled Adaptive MFA Risk Assessment, Auth0 always requires an MFA challenge.
How can I disable MFA challenge when requesting an MFA API access token?
Hi @jadao,
Welcome to the Auth0 Community and sorry for the late reply.
The out of box solution for getting an MFA API Access Token is by using the Resource Owner Password Grant flow and the only use case in which a user is not required to complete the MFA is for read:authenticators, otherwise for any other scopes the user will be challanged in the MFA in order to retrieve an access token.
The recommened approach would be following the Authenticate Using the Resource Owner Password Flow with MFA.
I hope this helped,
Best regards,
Remus