RyanW.94985 (Customer) asked a question.
Can do:
I am able to use the primary auth endpoint with the MFA option set to true to advance the state to MFA enroll. The user receives an email at the address specified in the body of the request that contains a six digit code.
Seems to fail:
I am unable to move the state past MFA Enroll Activate. I use the following end point on my preview site: api/v1/authn/factors/FACTOR_ID/lifecycle/activate AND a body which contains the state token from the primary auth and the passCode received via the email. The resulting response is a 403 forbidden (E0000005 - Invalid Session).
There isn't a lot of documentation on the Email Factor as it relates to activation or maybe I haven't found it yet. Either way, I want to be able to go from primary auth to enroll to activate within the transactional pipeline of the authentication process. I know I can utilize the factors api to activate the email factor, but this doesn't move me to the next transaction state.
Hi Ryan,
The email factor is automatically activated for all enrolled users.
After doing primary authentication you should get to the "MFA_REQUIRED" transaction state as the email code shouldn't be sent automatically.
After doing a call to /api/v1/authn/factors/{factorID}/verify/resend you should receive the email with the 6-digit OTP; this changes the state to "MFA_CHALLENGE" as a code has now been provided.
The final call to /api/v1/authn/factors/{factorID}/verify containing the correct OTP will authenticate the user.