Skip MFA validation if recently logged in with MFA #20605
Unanswered
JustKiddingCode
asked this question in
Q&A
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
I have an authorization flow that requires mfa with a last validation threshold of 5 minutes.
If I'm not logged in, I have to use my passkeys twice: The first time for the authentication stage, the second time for the authorization stage.
I tried to add a policy to skip the authorization stage, if the login happened in the last 5 minutes with MFA, but unfortunately the variables (i.e. context variable) do not supply such information in the authorization stage.
In the default authentication stage such information exist and are used to skip passkey (webauthn) validation.
Is there something I'm missing? Can I get the currently logged in user (auth_via: session)
Beta Was this translation helpful? Give feedback.
All reactions