Hi team! Fantastic work on descope, really loving how easy it is to setup auth without having to understand really deeply the tech behind things (oauth,sso,mfa). Huge fan of the FLOWS, really useful to visualize when explaining to stakeholders how the auth is designed. Can the user be forced to reauthenticate for certain endpoints in the app using a new flow even after initial sign-in ? For example, the user needs to update their details on the app and many apps have a flow to reauthenticate in such a scenario before making changes.

Thanks @little-zoo-60777! Yes - you can enforce "step-up" authentication for specific actions. This will create a new session token that will include the

su

indication so you can confirm this in the backend. Checkout our

dolrr

sample app, where this scenario is demonstrated when you go to the Admin Dashboard. https://dolrr.biz