Registration with email MFA Factor, how to complete MFA_CHALLENGE


I am trying to set up a registration flow using email MFA in our React Native application, I was hoping someone could help me with the proper steps and sequence of events that needs to happen, I keep getting stuck at MFA_CHALLENGE, even though, from what I understand, in the steps below I am activating and verifying the email factor.

We are using the OKTA api to interact with our instance, except for sign in, which we are using @okta/okta-auth-js

What Im currently doing:

  1. create user in okta
  2. enroll email factor MFA and send email with code using
const { data } = await<OktaGetFactorResponse>(
      factorType: 'email',
      provider: 'OKTA',
      profile: {
        email: email,

  // This returns a status of PENDING_ACTIVATION on the factor
  1. User receives email with code, enters in our form

  2. Activate the email factor with the received code

const { data } = await<OktaGetFactorResponse>(
    { passCode },

  // returns status ACTIVE on the email factor
  1. Active the user

  // returns an activationUrl and activationToken
  1. SignIn the user. From what I can see, the OKTA api does not provide an api endpoint for signIn, so we are using @okta/okta-auth-js in our react native applica
// this is using @okta/okta-auth-js
signIn = async (options: OktaSignInReq) => {
    const transaction = await getAuthClient().signInWithCredentials(options);
    return transaction as OktaSignInRes;
  // this returns a status of MFA_REQUIRED

At this point, have I not already confirmed the email factor?

  1. After sign in, because the status is MFA_REQUIRED I do not get a session token back, so verify the login
  // find the signIn email factor and verify
  const emailFactor = signIn.factors?.find(item => {
    return item.factorType === 'email';

  await emailFactor?.verify?.();
  returns status MFA_CHALLENGE

I don’t know how to proceed, or what steps I am missing. The status on the user is ACTIVE in our OKTA admin console.

I do not have sessionToken returned from the signIn step, so I cannot continue and do the authorization.

How do I complete the flow?


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.