<?xml version="1.0" encoding="UTF-8"?><oembed><type>video</type><version>1.0</version><html>&lt;iframe src=&quot;https://www.loom.com/embed/f11fd99512cc464ab0e9a40aa7870e97&quot; frameborder=&quot;0&quot; width=&quot;2218&quot; height=&quot;1663&quot; webkitallowfullscreen mozallowfullscreen allowfullscreen&gt;&lt;/iframe&gt;</html><height>1663</height><width>2218</width><provider_name>Loom</provider_name><provider_url>https://www.loom.com</provider_url><thumbnail_height>1663</thumbnail_height><thumbnail_width>2218</thumbnail_width><thumbnail_url>https://cdn.loom.com/sessions/thumbnails/f11fd99512cc464ab0e9a40aa7870e97-6daeaca1663de138.gif</thumbnail_url><duration>4159.246</duration><title>Authsignal Walkthrough - Adaptive MFA</title><description>In this Loom, I show how to track an AuthSignal action called Payment and use its state to control whether I proceed or step up authentication. I start with the outcome set to challenge, then change it to allow, and explain that my backend should use the returned state. I add a rule to challenge when a custom amount is greater than 1000, so 1000 and under allows, and 1001 and above requires a challenge. When challenged, AuthSignal returns a URL and I pass a redirect URL to return with a token. I requested nothing from viewers directly, but the flow demonstrates copying and validating the returned token on my server, which returns ChallengeSucceeded, plus the user ID and action code.</description></oembed>