Token renewal on SPA + MFA

fdubuisson · October 9, 2018, 8:02am

Hi There,

we have a (js) SPA using Auth0 (database provider) and MFA enabled.
When the current session expires (which is 2h for now), we use the ‘checkSession()’ method to renew the token.
The issue is that we get an error “MFA authentication required” and thus, the session cannot be renewed and the user is logged out.
Is this an expected behavior ?

As the access token validity should be short-lived, the user experience is quite bad; and refresh tokens are not usable as this is a SPA.
The issue can be solved by checking the “Remember my browser” option (as stated in Unable to renew token when MFA is enabled) but this is not always a good option.

Using SDK auth-js v9.7.3

Thanks for your help !

ajv · April 25, 2019, 8:33am

Bump

konrad.sopala · September 2, 2019, 12:53pm

Hey there!

Sorry for such huge delay in response! We’re doing our best in providing you with best developer support experience out there, but sometimes our bandwidth is not enough comparing to the number of incoming questions.

Wanted to reach out to know if you still require further assistance?

ajv · January 14, 2020, 11:04am

You can use a rule to skip MFA prompts for the user’s active session:

konrad.sopala · January 15, 2020, 10:47am

Thanks a lot for sharing it with the rest of community!

system · January 30, 2020, 10:47am

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.