How to bypass MFA for refresh token requests?

Since we have enabled MFA for some users, refresh token functionality fails with error message:" Multifactor authentication required". Is there any way to disable MFA requirement on refresh token and we ask for it only on Login process?

1 Like

It is possible to bypass the refresh token flow in the MFA rule like in the below sample.

function (user, context, callback) {
  if (context.protocol === 'oauth2-refresh-token'){
    return callback(null, user, context);

  // Rest of the MFA logic goes here.

  callback(null, user, context);

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.