hello,
I’m thinking about building custom MFA solution for my app, as I the out of the box MFA solution doesn’t satisfy our needs (correct me if I’m wrong, but from what I’ve researched, it doesnt allow me to create custom theme for login + mfa so everything matches. If that is not true, and someone has an example, please send it!!)
The way i’m thinking of implementing this is creating a post registration action that redirects user to a page where they can setup MFA and after they do that, they get redirected back in order to get the token (same goes for post login - but there they will just complete the MFA rather then set it up). What would the preferred way of doing that be? I was thinking of generating a UUID inside an action for that specific user, POSTing it to my API so new MFA setup request is generated tied to that uuid, and then redirect user to the url with the uuid inside, where they can setup their MFA — For that implementation, I would like to secure the endpoint so only the action can access it, would machine 2 machine flow be any good here?. I could also use the encodeToken functionality to create a simple session token for user, with which they can call the MFA endpoints.
What do you think of these solutions? I would still prefer to use out of the box TOTP that Auth0 provides, I havent found any docs/examples on how to completely restyle the whole login/MFA experience. So once again, I would be eternally grateful if someone can provide an example of this!
Thanks!