Step-up access token without asking for user credentials again

Hello,

After seeing your documentation about the step-up workflow, I wanted to know if it’s possible to get an MFA token with only an access token.
Typically in my use case:

  1. App asks for an access token with limited scopes, with the user’s username and password
  2. Auth0 returns an access token with the scopes and without an MFA token
  3. App tries to request one of our API routes requiring a specific scope with the access token
  4. API route returns a 401 status code with the required scope

Now what I’m looking for is:

  5. App tries to step up with only the current access token, adding the missing scope
  6. Auth0 returns the MFA token to proceed to the MFA workflow

I know that you can get an MFA token when requesting an access token with username and password, but I want to know if we can avoid asking for the user’s password again when stepping up the access token.

Thank you.
