Auth0-spa-js and MFA broken?

I have an implementation of login working with auth0-spa-js, but if I enable MFA the flow breaks. handleRedirectCallback resolves with a null object. No error in the logs. If I turn MFA off for the user, boom back to normal, everything is fine.

Hi @tony.forma,

I would like to try and reproduce this issue. Can you provide the exact tutorial or quickstart you used, the code/implementation, and any other information you think could be relevant to the proposed bug.

Thanks,
Dan

It’s a simple React based SPA. On load if the users isn’t logged in:

createAuth0Client({
domain: ‘mytenant.auth0.com’,
client_id: process.env.AUTH0_CLIENT_ID,
redirect_uri: ‘https://me.host.com/’,
scope: ‘openid email nickname app_metadata’,
}).then(auth0 => {
auth0.loginWithRedirect();
});

on redirect:

if (window.location.search.includes(“code=”)) {
createAuth0Client({
domain: ‘mytenant.auth0.com’,
audience: ‘https://me.com’,
client_id: process.env.AUTH0_CLIENT_ID,
redirect_uri: ‘https://me.host.com/’,
scope: ‘openid email nickname app_metadata’,
}).then(auth0 => {
auth0.handleRedirectCallback().then(redirectResult => {
console.log('r: ', redirectResult);
auth0.getUser().then(user => {
console.log(‘u:’, JSON.stringify(user));

I see the problem with the code. There is no audience when creating the Auth0Client during the login step, and there is when creating it during the redirect handler step. Fixing that does indeed fix it.

1 Like

Glad you were able to figure it out.

Thanks,
Dan