Sign in Widget & sessions API returning different status

I’m having the same issue as this

The signin widget has a active of ‘ACTIVE’ while a backend API call to /api/v1/sessions/ says the status is ‘MFA_REQUIRED’

Here is the code:

The status is ‘ACTIVE’ here in the frontend :

But when trying to verify server side it says the status is ‘MFA_REQUIRED’ here:

Whats going on here? How can I verify the session correctly?

This definitely seems like interesting behavior. Mind shooting us an email to

I think this is going to require some troubleshooting.


Hey @tom thanks for the reply. I just sent an email

Hey @tom I never got a response back from

How can we figure out this issue? It’s holding back a release of a demo I’m building


Hi @davidwells - sorry for the delay, I was on PTO.

I need some more information about your set up. How is MFA set up in your org?

The only thing that can come to mind here is that maybe the widget is using the fingerprinting functionality and your backchannel server call is not, and that would return MFA_REQUIRED.

My app is setup in here:

It is setup with SMS auth

The site is here: When trying to verify the token server side it says the status is ‘MFA_REQUIRED’ here: 1

Thanks for your help

Looking more into this, the /me call is not returning the ID of the session, but an externalID that is only used for token refreshes through CORS.

Is there any reason to not use the okta react library? Since this is SPA application, the okta-react library will not be able to get a refresh token, and behind the scenes silently refreshes the access token if the user has a valid session. This means you get can implicitly trust that the access token (if it hasn’t expired) means that the user still has a valid session. And, use the library to detect the if the user has authenticated or not.

This would require that your node backend will need to verify and validate the access token JWT before generating and returning your netlify access cookie.

Let me know if this makes sense, happy to assist further!