Hi all,
We are trying to utilize the Factors API, whose documentation is here, in order to be able to perform the reset of an MFA factor. The whole user journey in our application is the following:
- We check the enrolled factors for the user who wants to do so, using this endpoint.
- We present the factors that the user is enrolled in, in a form.
- User selects one of the factors via and submits it.
- Then we delete that factor for the user.
The status of a factor returned by the endpoint is not clear:
`/api/v1/users/${userId}/factors`
According to the documentation, this endpoint "Enumerates all of the enrolled Factors for the specified User".
On the other hand, if we look at the valid values in the table here, there is a specific status value called ENROLLED.
What’s the difference between ACTIVE and ENROLLED?
Shouldn’t the API call we perform return only the factors whose status is ENROLLED?
For instance, we have this view from Okta for a user:
Whereas, when we try to read the factors that the user is enrolled in, we get back two factors
- webauthn
and their status is ACTIVE, not ENROLLED.