Overview
The Stytch API returns anintermediate_session_token instead of a full session_token when intermediate authentication steps are required, such as multi-factor authentication (MFA).
Once a user completes all necessary authentication steps, the intermediate_session_token can be exchanged for a full member session_token.
The frontend SDK automatically stores the returned
intermediate_session_token and will include them in subsequent authentication requests.In authentication flows
Intermediate session tokens are used to retain the authentication state throughout these flows. These guides detail what happens during each flow and provide examples for guidance (if you are building your own authentication UI flow while using the Stytch API):Organization discovery
The state after authentication and before the user selects an organization to access.
Multi-factor authentication (MFA)
Also called two-factor authentication (2FA), multi-factor authentication requires users to provide two or more factors to verify their identity.
Step-up authentication
A type of multi-factor authentication where an application requests additional identification information to verify a user’s identity, often to meet security or compliance requirements.
Stytch UI provides pre-built, out-of-box support for all of the above authentication flows.