When implementing MFA in your application, you might want to prompt signed-in users to provide their configured second factor.
To do that, initiate a new login flow using one of these endpoints with the
aal parameter set to
When the user successfully provides their configured second factor:
- The method, for example
totp, is added to the Ory Session.
- Ory Session Authenticator Assurance Level (AAL) is set to
authenticated_attime is set to the time when the user provides the second factor.
If the Ory Session has
aal2 already, this will error. In that case, you can request to refresh the session using the second