Request MFA from users after successful login

Hi. I have another app that requests MFA after the user logs in using the Login trigger action flow.

But I have a different use case and would like to know whether I can request the user to do MFA at a later stage after they have successfully logged in and already have an access_token?

The Machine to Machine flow use case is not meant for users, so I’m not sure which Action Flow I would have to use in this case.

Did you figure it out? This seems like an essential feature but docs don’t bother to explain how.

How do we ask for MFA after they are already logged in? I don’t want to make them log in again with loginWithRedirect.

Using getAccessTokenSilently with the same scopes that trigger MFA just has an error: “Multifactor authentication required”

Hi @kabelo and @dominic.tobias

Welcome to the Auth0 Community!

I am sorry about the delayed response to your inquiry!

Unfortunately, you are unable to invoke the MFA challenge outside of the authentication flow.

One way would be to invalidate the user’s session and prompt them for re-authentication, however, this seems to be unsuitable for your use cases.

Alternatively, you can use custom logic in order to implement Step-Up Authentication.
You could set specific user metadata in order for them to be prompted for MFA when accessing specific resources from your application.

Otherwise, without invoking the authentication flow, you cannot prompt for MFA after a specific period of time (every 60 minutes for example).

If you have any other questions, feel free to leave a reply or post again on the community!

Kind Regards,
Nik
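
One way to write the step-up logic mentioned in the reply above, as an added example (not code from this thread or from Auth0): a post-login Action that requests MFA only when the transaction asks for a sensitive scope and the session has not yet passed an MFA challenge. The scope name `transfer:funds` and the helpers `makeApi`, `sampleEvent` and `wouldChallenge` are assumptions made up for this sketch; it still runs inside the authentication flow, as the reply says it must.

```javascript
// Added example; SENSITIVE_SCOPE is a hypothetical scope name.
const SENSITIVE_SCOPE = "transfer:funds";

// True when this transaction asks for the sensitive scope but the session
// has not yet completed an MFA challenge.
function needsStepUp(event) {
  const requested = (event.transaction && event.transaction.requested_scopes) || [];
  if (!requested.includes(SENSITIVE_SCOPE)) return false; // ordinary login
  const methods = (event.authentication && event.authentication.methods) || [];
  return !methods.some((m) => m.name === "mfa");
}

// Post-login handler body: request the challenge only when step-up is needed.
function applyStepUp(event, api) {
  if (needsStepUp(event)) {
    // Any enrolled factor; a remembered browser must not skip the challenge.
    api.multifactor.enable("any", { allowRememberBrowser: false });
  }
}

// Inside an Auth0 Action the handler is exported like this.
if (typeof exports !== "undefined") {
  exports.onExecutePostLogin = async (event, api) => applyStepUp(event, api);
}

// Constructed stand-in for the Action `api` object; records enable() calls.
function makeApi() {
  const calls = [];
  const enable = (provider, options) => calls.push({ provider, options });
  return { calls, multifactor: { enable } };
}

// Constructed sample event with the two fields the handler reads.
function sampleEvent(scopes, methodNames) {
  return {
    transaction: { requested_scopes: scopes },
    authentication: { methods: methodNames.map((name) => ({ name })) },
  };
}

// Runs the handler on a constructed event; true if MFA was requested.
function wouldChallenge(scopes, methodNames) {
  const api = makeApi();
  applyStepUp(sampleEvent(scopes, methodNames), api);
  return api.calls.length === 1;
}
```

The client has to obtain the sensitive scope through an interactive authorization request, because a silent request cannot display the challenge; the API guarding the resource then requires that scope in the access token.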
