I have an application which uses Auth0 MFA. My code does an POST request to /oauth/token and if the response is an error stating mfa_required i do a POST request to /mfa/challenge to get the otp over email ,In the UI user enters the otp received and logins.
This flow works fine. But every time i logout and login , the otp is required. I want to change the authentication frequency , and and expects Auth0 to remember me for certain time.
Upon reading through the dosc i came arounf the topic Change authentication request frequency , implemented it using allowRememberBrowser: true , But it didn’t worked. Since i am not using the Auth0 flow . How can i implement this feature using the Auth0 api’s. Do i need to call any api so that the cookies are saved in my browser and the next time the authentication is skipped.
Can you please guide me through this .
function (user, context, callback) {
var CLIENTS_WITH_MFA = ['<<CODE>>'];
if (context.protocol === 'oauth2-refresh-token'){
return callback(null, user, context);
}
// run only for the specified applications
// if (CLIENTS_WITH_MFA.indexOf(context.clientID) !== -1) {
// uncomment the following if clause in case you want to request a second factor only from user's that have user_metadata.use_mfa === true
if (user.user_metadata && user.user_metadata.use_mfa){
context.multifactor = {
provider: 'any',
allowRememberBrowser: true
};
}
//}
callback(null, user, context);
}