Sign in Widget & sessions API returning different status


I’m having the same issue as this

The signin widget has a active of ‘ACTIVE’ while a backend API call to /api/v1/sessions/ says the status is ‘MFA_REQUIRED’

Here is the code:

The status is ‘ACTIVE’ here in the frontend :

But when trying to verify server side it says the status is ‘MFA_REQUIRED’ here:

Whats going on here? How can I verify the session correctly?


This definitely seems like interesting behavior. Mind shooting us an email to

I think this is going to require some troubleshooting.



Hey @tom thanks for the reply. I just sent an email


Hey @tom I never got a response back from

How can we figure out this issue? It’s holding back a release of a demo I’m building



Hi @davidwells - sorry for the delay, I was on PTO.

I need some more information about your set up. How is MFA set up in your org?

The only thing that can come to mind here is that maybe the widget is using the fingerprinting functionality and your backchannel server call is not, and that would return MFA_REQUIRED.


My app is setup in here:

It is setup with SMS auth

The site is here: When trying to verify the token server side it says the status is ‘MFA_REQUIRED’ here: 1

Thanks for your help