MySQL 8.4.0
Source Code Documentation
Multi Factor Authentication

Assume the client wants to log in via user account U and that user account is defined with multiple authentication methods namely X,Y,Z.

Assume default authentication method on both server and client is X.

Authentication

A successful authentication path looks as follows:

  1. The client connects to the server
  2. The server sends Protocol::Handshake
  3. The client responds with Protocol::HandshakeResponse:
  4. X authentication method packets are exchanged
  5. The server responds with an Protocol::AuthNextFactor: containing client side plugin name and plugin data of plugin Y.
  6. Client reads plugin name and plugin data from AuthNextFactor packet and loads corresponding client side plugin.
  7. Y authentication method packets are exchanged
  8. The server responds with an Protocol::AuthNextFactor: containing client side plugin name and plugin data of plugin Z.
  9. Client reads plugin name and plugin data from AuthNextFactor packet and loads corresponding client side plugin. 10.Z authentication method packets are exchanged 11.The server responds with an OK_Packet
Note
At any point, if the Nth Authentication Method fails, the server can return ERR and disconnect. And the client can just disconnect.