Hi, we want to implement a step-up-like process in combination with emails (so send an email with a hash of our payload, and once they are redirected to our app from the email they enter an OTP), but we don’t want the user to re-enter their password. Is there a way we can do this?
Further to this: Is it recommended to store the mfa_token to re-issue challenges? We did notice that the mfa_token expires within a couple of minutes and the only way to get another mfa_token is to supply the password again. Are there any other ways to get an mfa_token again apart from using the password?