Is it possible to setup auth0 such that it prompts a user for email and password on every login.
I tried changing the token life duration but every time I go to the login page it goes directly to the 2FA page. I would like auth0 to first prompt for email and password and then to go to 2FA.
We have an external company using our auth0 tenants to authorize our users on their systems. The only way is to tell them to use prompt=login in their requests? Is there another way to do this?
Unfortunately, there isn’t an alternative way to force login in this case.
It may be possible to configure the token expiration settings so that the user can only stay authenticated for a short set amount of time before requiring to log in again.
If this is applicable, please take a look at the Update Access Token Lifetime doc on how to set the token expiration settings.
Doing so, should not prompt the user to 2FA since their session has expired and must re-input their credentials.