MFA token expiry?

Hello, community!

I’m looking at the docs to obtain a MFA token:

To call the MFA API to manage enrollments, you first need to obtain an access token for the MFA API … If you are building a user interface to manage authentication factors, you’ll need to obtain a token you can use for the MFA API at any moment, not only during authentication.

I’m particularly interested in obtaining an MFA token via Universal Login.

Is there an expiration for the MFA token obtained through Universal Login? Can I store the token in my database for long-term use? What are the scenarios in which an MFA token can be invalidated?

Thanks for your help.

Hi @thankfulpanda,

Welcome to the Community!

It looks like they should have a 10 minute expiry, according to the following post. Are you experiencing other behavior?

Hi @dan.woda,

Thank you for the quick response and for the info!

I eventually did not proceed in this direction, so I didn’t check the expiry in practice.

I instead ended up using the enroll/delete/get MFA enrollment APIs available in the Guardian and the User sections in the Auth0 Management API. These APIs suited my needs equally well.

1 Like

Thanks for the update. I will mark that as the solution.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.