Prompt for MFA on specific actions

Hello, can you guide me how to prompt user for MFA on specific action?
I have frontend client app and backend API.

I want users to be always promted for MFA on call to some endpoints of API.

Login flow:

  1. User clicks on “Log In” button on frontend.
  2. User is redirected to Auth0 login page.
  3. JWT is received on frontend and sent to backend.
  4. On backend ID Token is parsed and user is signed in with associated user record.

Next, suppose, user tries to withdraw some funds.

  1. Frontend makes POST /withdraw.
  2. Backend responds with “MFA required”.
  3. Frontend redirects user to Auth0 with new scope “transfer:funds”
  4. Custom rule is applied and 2fa is requested. But what if user has logged in with MFA initially? Will he be asked to authenticate again?

I’ve replied to your question in this thread:

so as not to multiply the same topics in our forum.

Thanks for understanding!