The forgot password flow for the app when the user calls resetPassword function in the transaction is now returning MFA_REQUIRED instead of SUCCESS.
I am 100% sure it used to be SUCCESS when we were testing this flow in the past. Like this example in the API docs: Authentication | Okta Developer
Are you seeing that status AFTER the user has completed their password reset? Is there a sign-on policy that is requiring them to validate an MFA factor? Its possible this last bit changed since you tested this previously, so maybe test the same with a test user that will not be prompted for a factor