MFA Error: The client specified not to prompt, but the client app requires re-authentication or MFA

I get the following error after the Google Authenticator MFA gets successfully verified and “SUCCESS” is returned.

error.errorCode: login_required, error.description: The client specified not to prompt, but the client app requires re-authentication or MFA

I have created a policy in Okta admin and checked off “Prompt for Factor”. The MFA verification call (stateToken and passCode body params) returns a “SUCCESS” response, but after the setCookieAndRedirect(data.sessionToken) gets called, I get the above error.

All suggestions welcome! Thanks.

3 Likes