Skip to content

Document MFA token auto-retry behavior #317

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
ehfeng merged 1 commit into from
Apr 3, 2026
Merged

Document MFA token auto-retry behavior #317

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion auth/faq.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,7 @@ Only if all of the above conditions are met will `can_reauth` be `true`. When tr
After a successful login, Kernel saves the login flow. If the flow includes steps that require human action—like SMS/email OTP, push notifications, or manual MFA selection—Kernel marks the connection as unable to auto-reauth because those steps can't be automated without user input.

If your login flow requires one of these, you can still automate around it:
- **Switch to TOTP** — If the site supports authenticator apps, add a `totp_secret` to your credential. TOTP codes are generated automatically, so the login flow won't require external action.
- **Switch to TOTP** — If the site supports authenticator apps, add a `totp_secret` to your credential. TOTP codes are generated automatically, so the login flow won't require external action. If a TOTP code expires or times out before the site accepts it, Kernel automatically retries with a fresh code.
- **Trigger manual re-auth** — Start a new login session and route the user through the [Hosted UI](/auth/hosted-ui) or [Programmatic](/auth/programmatic) flow.

## What are sign-in options?
Expand Down
2 changes: 1 addition & 1 deletion auth/overview.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -121,7 +121,7 @@ The most valuable workflows live behind logins. Managed Auth provides:

- **Works on any website** - Login pages are discovered and handled automatically
- **SSO/OAuth support** - "Sign in with Google/GitHub/Microsoft" buttons work out-of-the-box, with common SSO provider domains automatically allowed
- **2FA/OTP handling** - TOTP codes automated, SMS/email/push OTP are supported
- **2FA/OTP handling** - TOTP codes automated with automatic retry on expiry, SMS/email/push OTP are supported
- **Post-login URL** - Get the URL where login landed (`post_login_url`) so you can start automations from the right page
- **Session monitoring** - Automatic re-authentication when sessions expire with stored credentials
- **Secure by default** - Credentials encrypted at rest, never exposed in API responses, or passed to LLMs
Expand Down