
Commit a8a7169

Document MFA token auto-retry behavior for managed auth (#317)
Co-authored-by: ehfeng <[email protected]>
1 parent e6a58af commit a8a7169

2 files changed

Lines changed: 2 additions & 2 deletions


auth/faq.mdx

Lines changed: 1 addition & 1 deletion
@@ -34,7 +34,7 @@ Only if all of the above conditions are met will `can_reauth` be `true`. When tr
3434
After a successful login, Kernel saves the login flow. If the flow includes steps that require human action—like SMS/email OTP, push notifications, or manual MFA selection—Kernel marks the connection as unable to auto-reauth because those steps can't be automated without user input.
3535

3636
If your login flow requires one of these, you can still automate around it:
37-
- **Switch to TOTP** — If the site supports authenticator apps, add a `totp_secret` to your credential. TOTP codes are generated automatically, so the login flow won't require external action.
37+
- **Switch to TOTP** — If the site supports authenticator apps, add a `totp_secret` to your credential. TOTP codes are generated automatically, so the login flow won't require external action. If a TOTP code expires or times out before the site accepts it, Kernel automatically retries with a fresh code.
3838
- **Trigger manual re-auth** — Start a new login session and route the user through the [Hosted UI](/auth/hosted-ui) or [Programmatic](/auth/programmatic) flow.
3939

4040
## What are sign-in options?
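
Review bot: The sentence appended to the **Switch to TOTP** bullet does not say how many times Kernel retries or what happens once retries are exhausted. Many sites throttle or lock an account after repeated rejected codes, so a reader deciding whether to store a `totp_secret` needs to know the retry limit, whether a rejection caused by a wrong secret is treated differently from an expired code, and whether a failed retry sequence affects `can_reauth`, which this section is about. Suggest adding one clause stating the bound and the resulting connection state.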

auth/overview.mdx

Lines changed: 1 addition & 1 deletion
@@ -121,7 +121,7 @@ The most valuable workflows live behind logins. Managed Auth provides:
121121

122122
- **Works on any website** - Login pages are discovered and handled automatically
123123
- **SSO/OAuth support** - "Sign in with Google/GitHub/Microsoft" buttons work out-of-the-box, with common SSO provider domains automatically allowed
124-
- **2FA/OTP handling** - TOTP codes automated, SMS/email/push OTP are supported
124+
- **2FA/OTP handling** - TOTP codes automated with automatic retry on expiry, SMS/email/push OTP are supported
125125
- **Post-login URL** - Get the URL where login landed (`post_login_url`) so you can start automations from the right page
126126
- **Session monitoring** - Automatic re-authentication when sessions expire with stored credentials
127127
- **Secure by default** - Credentials encrypted at rest, never exposed in API responses, or passed to LLMs
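
Review bot: The reworded **2FA/OTP handling** bullet reads awkwardly ("automated with automatic retry") and still joins two clauses with a comma. It also says "on expiry" while the matching sentence in auth/faq.mdx says "expires or times out", so the two pages describe the trigger differently. Suggest something like "TOTP codes are generated automatically and retried with a fresh code if one expires; SMS/email/push OTP are supported", using the same trigger wording in both files.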
