We would like to implement OTP verification for critical transactions, and our use case is as follows:
1) The user registers with Auth0 using email, password, OTP, and Biometrics.
2) After registration, the user lands in the application.
3) The user can perform all normal transactions without additional OTP verification.
4) For critical transactions, such as burning loyalty points in our retail app, the user must verify themselves with an OTP before proceeding.
I have reviewed the relevant blogs and documents, but some parts remain unclear. Our goal is to have the application call back to Auth0 when the user initiates a critical transaction, prompting Auth0 to display an OTP page. After verification, the response should be sent back to the application.
Based on my understanding, the app should call the Auth0 MFA API, take the response, and then display an OTP page (which needs to be developed by the app team since the API only returns a response). Once the OTP is validated, the user can perform the critical transaction.
Please confirm if our understanding is correct. Thank you.
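As an added example that is not part of the original post or of Auth0's own code: the step-up flow the question describes, written against the documented Auth0 MFA API endpoints (`/oauth/token` answering `mfa_required` with an `mfa_token`, `/mfa/challenge` with `challenge_type=otp`, then `/oauth/token` with the `http://auth0.com/oauth/grant-type/mfa-otp` grant). The `FakeAuth0` transport, the user `alice`/`pw`, the fixed OTP `123456`, the `id_token_claims` dict (a stand-in for the signed `id_token` a real response carries) and the `burn_points` handler are constructed assumptions so the file runs offline.

```python
"""Step-up OTP before a critical transaction, modelled on the Auth0 MFA API.

Added example, not from the original post. The three endpoint calls follow the
documented MFA API; FakeAuth0, the user, the OTP and the claims shape are constructed.
"""
import time

MFA_OTP_GRANT = "http://auth0.com/oauth/grant-type/mfa-otp"


class MfaRequired(Exception):
    """Raised when /oauth/token answers error=mfa_required; carries the mfa_token."""

    def __init__(self, mfa_token):
        super().__init__("mfa_required")
        self.mfa_token = mfa_token


class Auth0Client:
    """Thin MFA API client. `post(path, body) -> (status, json)` is injected so the
    same flow runs against the fake below or a real HTTP session."""

    def __init__(self, post, client_id, client_secret):
        self.post, self.client_id, self.client_secret = post, client_id, client_secret

    def _creds(self, **extra):
        return {"client_id": self.client_id, "client_secret": self.client_secret, **extra}

    def start_step_up(self, username, password, audience):
        # Step 1: with an MFA policy enforced, /oauth/token returns 403 mfa_required + mfa_token.
        status, body = self.post("/oauth/token", self._creds(
            grant_type="password", username=username, password=password, audience=audience))
        if status == 403 and body.get("error") == "mfa_required":
            raise MfaRequired(body["mfa_token"])
        return body  # tokens issued without MFA; the caller must still check amr

    def request_otp_challenge(self, mfa_token):
        # Step 2: /mfa/challenge selects the OTP authenticator; Auth0 only acknowledges,
        # the app renders the OTP page itself.
        status, body = self.post("/mfa/challenge", self._creds(challenge_type="otp", mfa_token=mfa_token))
        if status != 200 or body.get("challenge_type") != "otp":
            raise RuntimeError(f"challenge failed: {body}")

    def verify_otp(self, mfa_token, otp):
        # Step 3: Auth0 validates the OTP, never the app; a wrong code yields invalid_grant.
        status, body = self.post("/oauth/token", self._creds(
            grant_type=MFA_OTP_GRANT, mfa_token=mfa_token, otp=otp))
        return body if status == 200 else None


def authorize_critical_transaction(claims, max_age_s=300, now=None):
    """Server-side gate: the token used for a critical transaction must carry amr
    containing 'mfa' and an auth_time within max_age_s. JWT signature, issuer and
    audience checks are assumed to have happened before this is called."""
    now = time.time() if now is None else now
    return "mfa" in claims.get("amr", []) and now - claims.get("auth_time", 0) <= max_age_s


class FakeAuth0:
    """Constructed stand-in for the three endpoints: one user, one fixed OTP."""
    OTP = "123456"

    def __init__(self):
        self.pending = {}  # mfa_token -> username

    def __call__(self, path, body):
        if path == "/oauth/token" and body.get("grant_type") == "password":
            if body.get("username") != "alice" or body.get("password") != "pw":
                return 403, {"error": "invalid_grant"}
            token = f"mfa-{len(self.pending)}"
            self.pending[token] = "alice"
            return 403, {"error": "mfa_required", "mfa_token": token}
        if path == "/mfa/challenge":
            if body.get("mfa_token") not in self.pending:
                return 401, {"error": "invalid_grant"}
            return 200, {"challenge_type": "otp"}
        if path == "/oauth/token" and body.get("grant_type") == MFA_OTP_GRANT:
            user = self.pending.get(body.get("mfa_token"))
            if user is None or body.get("otp") != self.OTP:
                return 403, {"error": "invalid_grant"}
            self.pending.pop(body["mfa_token"])  # mfa_token is single-use once redeemed
            # A real response carries a signed id_token; decoded claims are inlined here.
            return 200, {"access_token": "at", "id_token_claims": {
                "sub": user, "amr": ["mfa"], "auth_time": int(time.time())}}
        return 404, {"error": "not_found"}


def burn_points(client, username, password, read_otp, audience="https://retail-api.example"):
    """Critical-transaction handler (constructed): read_otp() stands in for the OTP page."""
    try:
        claims = client.start_step_up(username, password, audience).get("id_token_claims", {})
    except MfaRequired as mfa:
        client.request_otp_challenge(mfa.mfa_token)
        tokens = client.verify_otp(mfa.mfa_token, read_otp())
        if tokens is None:
            return {"status": "denied", "reason": "otp rejected by Auth0"}
        claims = tokens["id_token_claims"]
    if not authorize_critical_transaction(claims):
        return {"status": "denied", "reason": "no recent mfa in token"}
    return {"status": "burned", "user": claims["sub"]}


if __name__ == "__main__":
    client = Auth0Client(FakeAuth0(), "cid", "csecret")
    print(burn_points(client, "alice", "pw", lambda: "123456"))
    print(burn_points(client, "alice", "pw", lambda: "000000"))
```

The OTP page is the app's, but the code the user types is only ever checked by Auth0 in step 3, so the app never needs OTP secrets. The backend that actually burns the points should gate on the `amr` and `auth_time` claims of a token it has verified itself, not on a "verified" flag sent by the client. Note that the MFA API flow shown starts from the password grant, so it re-prompts for the password; for a session that is already signed in, the alternative is a fresh authorize request asking for MFA via `acr_values` and checking the same `amr` claim afterwards.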