I have a React application where I can allow the user to delete or enroll in different MFAs after the user is logged in.
They can go to a specific tab in my application and do this.
But I am generating a token with the /mfa audience that has a 10-minute expiration time, and it's not changeable.
How can I guarantee that I can have a refresh or something like this so my users don't get logged out after 10 min?
Hi @rafael4,
Welcome back to the Auth0 community and sorry for the late reply.
As you have mentioned as well, the 10-minute expiration time for the /mfa audience token cannot be modified due to security reasons within Auth0, as specified here in our documentation.
However, if you solicit an MFA token only when a user is engaged in enrolling or removing authenticators, they will not generally be logged out of the application after 10 minutes, but only if they fail to manage their MFA in this timeframe.
Additionally, you can also check this community post.
I hope this clarified the situation.
Thanks,
Remus
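
The approach in the reply above, sketched as an added example (not code from the thread or from Auth0): the /mfa audience token is requested only when the MFA tab needs it, held apart from the login session, and requested again once its `exp` claim is near. `requestMfaToken`, `createMfaTokenProvider`, `SKEW_SECONDS` and the sample token are hypothetical names and constructed values; `requestMfaToken` stands in for whatever call the application uses to obtain the /mfa audience token.

```javascript
// Added example: keep the short-lived MFA API token separate from the session.
const SKEW_SECONDS = 30; // assumption: ask for a new token shortly before expiry

// Read the exp claim (seconds since epoch) from a JWT without verifying it.
// This is only for scheduling; the API still validates the token itself.
function tokenExpiry(jwt) {
  const payload = jwt.split(".")[1];
  if (!payload) throw new Error("not a JWT");
  const json = atob(payload.replace(/-/g, "+").replace(/_/g, "/"));
  const { exp } = JSON.parse(json);
  if (typeof exp !== "number") throw new Error("token has no exp claim");
  return exp;
}

// requestMfaToken: hypothetical async function returning a token for the /mfa audience.
function createMfaTokenProvider(requestMfaToken, now = () => Date.now() / 1000) {
  let cached = null;   // { token, exp }, used only by the MFA tab
  let inFlight = null; // de-duplicates concurrent requests

  async function getToken() {
    if (cached && cached.exp - SKEW_SECONDS > now()) return cached.token;
    if (!inFlight) {
      inFlight = requestMfaToken()
        .then((token) => {
          cached = { token, exp: tokenExpiry(token) };
          return token;
        })
        .finally(() => { inFlight = null; });
    }
    return inFlight;
  }

  // Call when the user leaves the MFA tab so the token is not kept around.
  function clear() { cached = null; }

  return { getToken, clear };
}

// Constructed sample: an unsigned, token-shaped string with a chosen exp.
function makeSampleToken(exp) {
  const enc = (o) => btoa(JSON.stringify(o))
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc({ alg: "none" })}.${enc({ aud: "mfa-sample", exp })}.`;
}
```

An expired MFA token here only triggers a new request the next time the tab calls `getToken()`; the application session is never touched by it.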