Dear Community members.
We are have implemented login flow with password and MFA via SMS by using the Auth0.
And to achieve better security, we would like to add another func and having some problem…
Could somebody help us to resolve the issue below.
Normally, we let users login with one mobile device. (Smart phone, tablet and so on)
And if user is trying to login with another device, we would like to ask user if s/he accepts the login on it.
It is something like the login flow of Apple ID, like, when user is trying to login with new device, notification is sent to another Apple device s/he owns, then ask if the login is conducted by him/herself
and allow him/her to login once s/he accepts it.
We would like to achieve this by some additional operations on our server side after login completed.
However, once the authentication is done, the access token and refresh token is sent to device via http and it can be easily intercepted by some network monitoring tools on device, I guess.
So, if possible, we would like to achieve it on the Authentication flow happening on Auth0 login page.
Could somebody give us some advice to achieve it??