MFA token expiry?

Hello, community!

I’m looking at the docs to obtain a MFA token:

To call the MFA API to manage enrollments, you first need to obtain an access token for the MFA API … If you are building a user interface to manage authentication factors, you’ll need to obtain a token you can use for the MFA API at any moment, not only during authentication.

https://auth0.com/docs/mfa/authenticate-with-ropg-and-mfa/manage-authenticator-factors-mfa-api#universal-login

I’m particularly interested in obtaining an MFA token via Universal Login.

Is there an expiration for the MFA token obtained through Universal Login? Can I store the token in my database for long-term use? What are the scenarios in which an MFA token can be invalidated?

Thanks for your help.

Hi @thankfulpanda,

Welcome to the Community!

It looks like they should have a 10 minute expiry, according to the following post. Are you experiencing other behavior?

Hi @dan.woda,

Thank you for the quick response and for the info!

I eventually did not proceed in this direction, so I didn’t check the expiry in practice.

I instead ended up using the enroll/delete/get MFA enrollment APIs available in the Guardian and the User sections in the Auth0 Management API. These APIs suited my needs equally well.

https://auth0.com/docs/api/management/v2#!/Guardian/delete_enrollments_by_id

Thanks for the update. I will mark that as the solution.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.