Architecture
Frontend - React (using the library okta-auth-js)
Backend - Java (Resource server, using the authorization server)
So I am able to verify email multifactor flow using the postman Okta API . When I use the existing code okta-auth-js - authClient.signIn(credentials),
After enabling th MFA on the application, i expect the transaction returned from the authClient.signIn(credentials), should have status
status: ‘MFA_REQUIRED’,
instead I get
status: ‘SUCCESS’ - which means authentication flow complete.
The login flow fails when we try to get the id_token with error - “login_required, error.description: The client specified not to prompt, but the client app requires re-authentication or MFA.”
So I am not really sure what I am missing.
Documentation I am refering - https://github.com/okta/okta-auth-js#transactionstatus