Optionalaccess_OptionalaudienceOptionalexpires_Optionalid_Optionalrecovery_New recovery code, if the tenant regenerates it on verify. Present only when a recovery code was used and the tenant is configured to rotate codes.
Optionalrefresh_OptionalscopeAlways true on a successful verification.
Optionaltoken_
MFA verify response.
In Next.js (and any server-rendered app), tokens are stored in the session cookie server-side after a successful verify. They are never sent in the HTTP response body. Only
success: trueis guaranteed; callgetAccessToken()after verify to retrieve the access token.All fields other than
successandrecovery_codeexist for backward compatibility only and will always beundefinedat runtime. They are deprecated at the field level and will be removed in the next major version. UsegetAccessToken()aftermfa.verify()to retrieve the resulting token.