Authenticate after Create for Trusted application


#1

Hi all.

1)
{{url}}/api/v1/users?activate=true
with headers 
Authroization: SSWS {{apikey}}

{
  "profile": {
  	"firstName": "A",
    "lastName": "5login",
    "email": "5login@gmail.com",
    "login": "5login"
  },
  "credentials": {
    "password" : { "value": "Password111" }
  }
}

2)
{{url}}/api/v1/authn

with headers 
Authroization: SSWS {{apikey}}
X-Device-Fingerprint: fingerprint1

{
  "username": "5login",
  "password" : "Password111"
}  

I am getting SUCCESS state for authentication in step 2 instead of MFA_REQUIRED.
If I drop X-Device-Fingerprint it returns MFA_REQUIRED as expected.

Does anyone has a clue why Okta behaves this way? Is there anyway to get MFA_REQUIRED while sending X-Device-Fingerprint?

Thanks.
Brian.