Auth0 Home Blog Docs

How to bypass MFA for refresh token requests?

Since we have enabled MFA for some users, refresh token functionality fails with error message:" Multifactor authentication required". Is there any way to disable MFA requirement on refresh token and we ask for it only on Login process?

It is possible to bypass the refresh token flow in the MFA rule like in the below sample.

function (user, context, callback) {
  if (context.protocol === 'oauth2-refresh-token'){
    return callback(null, user, context);

  // Rest of the MFA logic goes here.

  callback(null, user, context);
1 Like

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.