Hi,
Since we have enabled MFA for some users, refresh token functionality fails with error message:" Multifactor authentication required". Is there any way to disable MFA requirement on refresh token and we ask for it only on Login process?
1 Like
It is possible to bypass the refresh token flow in the MFA rule like in the below sample.
function (user, context, callback) {
if (context.protocol === 'oauth2-refresh-token'){
return callback(null, user, context);
}
// Rest of the MFA logic goes here.
callback(null, user, context);
}
8 Likes
This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.