OKTA - Angular Sign-in widget + MFA

I have an Angular 11 application which uses Okta sign-in widget. I have setup MFA by following instructions from this answer. Currently, I can login into the application with MFA in Chrome browser. But after entering code from Okta Verify app, I get following screen in other (Safari, Brave) browsers. The verify API call returns 200. But I get following error in the console. error.errorCode: login_required, error.description: The client specified not to prompt, but the client app requires re-authentication or MFA

How should I debug or solve this issue?

What are the reproduction steps to trigger this error? Does it occur consistently only in non-Chrome browsers?

The MFA is setup is done by following the steps mentioned in the StackOverflow, link given in the question. It happens consistently only in non-Chrome browsers.

If you clear your cache/cookies in Chrome, do you still see it working differently in Chrome than in other browsers? What does the app-level sign on policy look like and is it set to Per Device?

No it doesn’t work in Chrome too if I try it in incognito mode.

Attached the sign on policy.

hi, do you find a solution for this issue? i have same problem “login_required, error.description: The client specified not to prompt, but the client app requires re-authentication or MFA”

@godiegodie Unless you are using an Okta-hosted widget app-lvel MFA won’t function as expected. It seems you cannot use custom login page with this setting. Refer this too - The client specified not to prompt, but the client app requires re-authentication or MFA

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.