"mfa_required" error instead of using refresh token with Actions

rueben.tiow · June 14, 2022, 2:48am

Problem statement

We want to use MFA, but the user should not have to enter their MFA every time their session token expires, since we use refresh tokens.

Symptoms

“mfa_required” error

Solution:

When enabling MFA with Actions, there is the option to check for Refresh Token usage to skip the MFA prompt. This way, your application will not throw the “mfa_required” error and prompt the user to complete the MFA flow again.

To do so, we recommend that you add a conditional to your MFA Action so that it bypasses the MFA when the refresh token grant is used. You can check for the event.transaction === "oauth2-refresh-token". See below:

exports.onExecutePostLogin = async (event, api) => {
  if (!event.transaction.protocol === “oauth2-refresh-token”){
    api.multifactor.enable(‘any’)
  }
  //else pass since using a refresh token
};

Topic		Replies	Views
Not able to refresh token if mfa is eanbled (Error: mfa_required) Help mfa , one-time-password-otp-factor	6	3892	April 7, 2023
What is the correct way to require MFA for ONLY auth0 connections? Help mfa , mfa-api	3	2327	January 11, 2023
Can't refresh tokens which are from Device Auth Code Help management-api , device-credentials	2	1227	June 27, 2023
Configuring MFA Flow to require MFA once per session with Actions Knowledge Articles mfa , extensibility , actions	1	2923	June 14, 2022
Bypass Adaptive MFA using Actions Knowledge Articles multi-factor , actions , adaptive_mfa	1	960	November 30, 2023

"mfa_required" error instead of using refresh token with Actions

Problem statement

Symptoms

Solution:

Reference Materials:

Related topics