Change MFA Factors during post-login trigger

Hello, I am trying to implement this logic.
During the post-login trigger I want to do an action like this:

exports.onExecutePostLogin = async (event, api) => {
  const smsEnrolled = event.user.enrolledFactors?.some(({type}) => type === "phone");

  if (!smsEnrolled) {
    // DOMAIN, CLIENT_ID, CLIENT_SECRET, USER_ID and the phone number are placeholders
    const ManagementClient = require('auth0').ManagementClient;
    const management = new ManagementClient({ domain: DOMAIN, clientId: CLIENT_ID, clientSecret: CLIENT_SECRET });

    try {
      await management.users.createAuthenticationMethod({id: USER_ID}, {type: "phone", phone_number: "USER_PHONE_NUMBER_FROM_PROFILE"});
    } catch (error) {
      // ...
    }
  }
};

So basically, if the user doesn’t have phone as the second factor, I would create it with the phone number in their profile to challenge them for the current login.

I found out that even though the create authentication method call succeeds, the current universal login still doesn’t know about that just-created method.

I’m wondering what I can do to get it working.

Hi @shawnyangkoho

Welcome to the Auth0 Community!

After you create or enroll the user to phone MFA as a second factor, you can use api.authentication.challengeWith({type: 'phone'}); in order to force them to authenticate using it during the login.

As an alternative solution to your issue you could do the following:

if (!smsEnrolled) {
  api.authentication.enrollWith({type: 'phone'});
}

This way, the user will be prompted to enroll with SMS MFA on their login.

If you have any other questions, feel free to leave a reply!

Kind Regards,
Nik
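
The two calls from the reply above combined into one post-login Action, with a small local harness for checking which branch a given user takes. This is an added example, not code from the original posts or from Auth0; the helper names `phoneMfaStep` and `simulate` and the sample events are constructed for illustration.

```javascript
// Only event.user.enrolledFactors, api.authentication.enrollWith and
// api.authentication.challengeWith come from the thread; everything else
// here (helper names, stub api, sample events) is an assumption.

// Decide what the current login should do about phone MFA.
function phoneMfaStep(event) {
  const factors = event.user.enrolledFactors || [];
  return factors.some(({ type }) => type === "phone") ? "challenge" : "enroll";
}

// Action entry point. No Management API call is made: enrollment is requested
// through the login flow itself, as the reply suggests.
async function onExecutePostLogin(event, api) {
  if (phoneMfaStep(event) === "challenge") {
    api.authentication.challengeWith({ type: "phone" });
  } else {
    api.authentication.enrollWith({ type: "phone" });
  }
}

// Actions expects the handler on exports.onExecutePostLogin.
if (typeof exports !== "undefined") {
  exports.onExecutePostLogin = onExecutePostLogin;
}

// Local harness: run the handler against a stub api and return the calls made.
function simulate(event) {
  const calls = [];
  const api = {
    authentication: {
      challengeWith: (factor) => calls.push(["challengeWith", factor.type]),
      enrollWith: (factor) => calls.push(["enrollWith", factor.type]),
    },
  };
  // The handler has no awaits, so the stub records its calls synchronously.
  onExecutePostLogin(event, api);
  return calls;
}

// Constructed sample events.
const enrolledUser = { user: { enrolledFactors: [{ type: "phone" }] } };
const otherFactorUser = { user: { enrolledFactors: [{ type: "otp" }] } };
const noFactorsUser = { user: {} };
```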