Request otp from management api / back-end

Hi, we want to implement a step up like process in combination with emails (so send an email with a hash of our payload and once they are redirected to our app from the email they enter an otp) but we don’t want the user to re-enter their password. Is there a way we can do this?

Further to this: Is it recommended to store the mfa_token to re-issue challenges? We did notice that mfa_token expires within a couple of minutes and the only way to get another mfa_token is to supply the password again. Are there any other ways to get an mfa_token again apart from using password?

Hey there @TheoB!

Sorry for such delay in response! We’re doing our best in providing you with best support and knowledge we can but sometimes we’re simply not able to handle all those questions as we’re people resources constraint. Thank you for understanding and sorry for any inconvenience!

Can you let me know whether you’ve figured it out in the meantime or if you require my further help down the road?

Have you had a chance to see my last message?