How to bypass MFA for refresh token requests?

Saltuk · June 1, 2019, 3:34pm

Hi,
Since we have enabled MFA for some users, refresh token functionality fails with error message:" Multifactor authentication required". Is there any way to disable MFA requirement on refresh token and we ask for it only on Login process?

Saltuk · June 1, 2019, 3:35pm

It is possible to bypass the refresh token flow in the MFA rule like in the below sample.

function (user, context, callback) {
  if (context.protocol === 'oauth2-refresh-token'){
    return callback(null, user, context);
  }

  // Rest of the MFA logic goes here.

  callback(null, user, context);
}

Saltuk · June 16, 2019, 3:35pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
What is the correct way to require MFA for ONLY auth0 connections? Help mfa , mfa-api	3	2300	January 11, 2023
Not able to refresh token if mfa is eanbled (Error: mfa_required) Help mfa , one-time-password-otp-factor	6	3857	April 7, 2023
Bypass Adaptive MFA using Actions Knowledge Articles multi-factor , actions , adaptive_mfa	1	936	November 30, 2023
"mfa_required" error instead of using refresh token with Actions Knowledge Articles mfa , extensibility , actions	1	3992	June 14, 2022
Use Rule to disable MFA Help mfa	4	4046	June 28, 2022

How to bypass MFA for refresh token requests?

Related Topics