I am doing MFA authentication flow to Yodlee backend and I have understood that only way to know that MFA flow is finished is to do getMFAResponse call and get following response.
{
"isMessageAvailable":true,
"fieldInfo":{
"questionAndAnswerValues":[],
"numOfMandatoryQuestions":-1
},
"timeOutTime":99300,
"itemId":12689201,
"errorCode":0,
"retry":false
}
And there that errorCode is what counts. Empty fieldInfo values are just unnecessary noice.
But problem is that when first call that get actual needed MFA fields in our test environment using DAG account lasts 0,4 seconds. But then extra getMFAResponse needed to know that MFA flow is finished takes 43 seconds.
Yes 43 seconds!!! I could walk to bank and queue to get some personal service in that time. Is that kind of response times normal what you can expect in production environment or is it problem with test environment? With that kind of response times it is pretty hard to do UI that would be somehow acceptable.
Of course if would know in advance that MFA flow is only 1 level deep then could just skip the extra refresh. Propably with that kind of response times have to do some dirty tricks and assumptions...
Seems that DAG config xml has following
<flowControlInfo>
<delayBeforeChallenge>-1</delayBeforeChallenge>
<delayBeforeLoginComplete>20</delayBeforeLoginComplete>
<delayAfterLoginComplete></delayAfterLoginComplete>
<expireToken>false</expireToken>
</flowControlInfo>
So from that it would look 20 seconds delay is expected (delayBeforeLoginComplete) but that is still 23 seconds less than what happens, and would expect getMFAResponse to return with isMessageAvailable = false in little bit shorter time.
