Hello, can you guide me how to prompt user for MFA on specific action?
I have frontend client app and backend API.
I want users to be always promted for MFA on call to some endpoints of API.
- User clicks on “Log In” button on frontend.
- User is redirected to Auth0 login page.
- JWT is received on frontend and sent to backend.
- On backend ID Token is parsed and user is signed in with associated user record.
Next, suppose, user tries to withdraw some funds.
- Frontend makes POST /withdraw.
- Backend responds with “MFA required”.
- Frontend redirects user to Auth0 with new scope “transfer:funds”
- Custom rule is applied and 2fa is requested. But what if user has logged in with MFA initially? Will he be asked to authenticate again?