Hi, Users are not very comfortable to enter passw...
# ask-a-descoper
b
Hi, users are not very comfortable entering a password on mobile each time tokens expire. We have a requirement for 3-legged authentication wherein:

1) Users log in with their username/password or phone/OTP
2) Post the login, we ask the user to set a PIN.
3) Use the PIN till the token (refresh) expires.
4) On token expiry, start from step 1

I have a few questions to implement the above requirement:

1) Does Descope support the above requirement?
2) Is there a possibility of a Forgot PIN kind of feature, similar to forgot password?
s
You can probably do this using the stepup token:

1. Log in via phone & OTP
2. Set a PIN, using the password mechanism
3. Do a stepup with this password (which will be a very easy one; remove the password restrictions)
4. On the app side, validate that this JWT is a stepup JWT
5. When it expires, do the stepup with the password only
6. If the user is not logged in, do OTP all over again

If you are using the password mechanism, then there is a reset option for it.
b
Thanks @some-keyboard-85034, currently we are using Descope-Google Authentication, will the above approach work with Google Authentication?
s
Not sure I follow the question. Are you referring to TOTP with Google Authenticator? If you want to use that, you can do that.
b
@best-controller-63053 - let us know if there are any follow-up questions. We can assist with designing the right flow for mobile usage that will reduce friction and avoid password typing...