Performing a refresh token flow

You can ensure that a user performs MFA within a specified time.

MFA lifetime

When you use an access policy with the refresh token flow, the MFA lifetime condition can be used to ensure that a user performs MFA within a specified time period. When the user refreshes their access token and the MFA lifetime has been exceeded, a challenge for MFA is returned. However, an access token that was already issued remains valid after the MFA period expires; it expires only when the access token lifetime is reached. The MFA validity lifetimes are evaluated only when the refresh token flow is performed.
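The timing consequence of this behavior, as an added Python model (not product code): it shows how long an access token can stay usable after the MFA lifetime has passed, and the resulting upper bound on MFA age. All names, the lifetimes, and the `>=` boundary at the exact expiry second are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class AccessToken:
    issued_at: int    # seconds on a constructed timeline
    expires_at: int

class MfaRequired(Exception):
    """The refresh was answered with an MFA challenge instead of a new token."""

def refresh(now, last_mfa_at, mfa_lifetime, token_lifetime):
    """Refresh token flow: the only point where the MFA lifetime is evaluated."""
    if now - last_mfa_at >= mfa_lifetime:   # boundary behavior is an assumption
        raise MfaRequired("MFA lifetime exceeded; challenge returned")
    return AccessToken(issued_at=now, expires_at=now + token_lifetime)

def accepted_by_resource(token, now):
    """Token use between refreshes: only the access token lifetime matters."""
    return now < token.expires_at

def stale_window(token, last_mfa_at, mfa_lifetime):
    """Seconds the token remains valid although the MFA lifetime has passed."""
    mfa_expires_at = last_mfa_at + mfa_lifetime
    return max(0, token.expires_at - max(mfa_expires_at, token.issued_at))

def worst_case_mfa_age(mfa_lifetime, token_lifetime):
    """Upper bound on the age of the MFA while a token is still accepted."""
    return mfa_lifetime + token_lifetime

if __name__ == "__main__":
    # Constructed scenario: MFA at t=0, 15 min MFA lifetime, 60 min access token.
    MFA_LIFETIME, TOKEN_LIFETIME = 900, 3600
    token = refresh(now=890, last_mfa_at=0, mfa_lifetime=MFA_LIFETIME,
                    token_lifetime=TOKEN_LIFETIME)
    print("token accepted at t=1000:", accepted_by_resource(token, 1000))
    print("stale window (s):", stale_window(token, 0, MFA_LIFETIME))
    try:
        refresh(now=1000, last_mfa_at=0, mfa_lifetime=MFA_LIFETIME,
                token_lifetime=TOKEN_LIFETIME)
    except MfaRequired as exc:
        print("refresh at t=1000:", exc)
    print("worst-case MFA age (s):", worst_case_mfa_age(MFA_LIFETIME, TOKEN_LIFETIME))
```

In this model, keeping the access token lifetime short relative to the MFA lifetime keeps the stale window small.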