Currently we have applications using the SAML Addon for authentication, which stopped working sometime between Saturday and yesterday.
It fails at https://tenant.guardian.au.auth0.com/api/start-flow
with the JSON response
{"statusCode":401,"error":"Unauthorized","message":"Missing authentication","errorCode":"invalid_token"}
The MFA widget displays the error: “Seems that you are not authorized to perform this action.”
When hitting the https://tenant.au.auth0.com/mf
endpoint, the initialised MFA widget has a JWT with a null clientId.
Three applications using this method are failing, but other applications are able to log in with MFA without difficulty. If logging in through a different path and saving the MFA device for 30 days, the SAML endpoints allow login.
This happens with/without rules, and with multiple different users.
This was also working until the last few days, and we haven’t changed anything on our end. Not sure where to go from here.