Determine MFA method used during user login

Is it possible to see MFA method (sms, totp, etc.) used during login when JWT or SAML is issued. I was expecting this to be available in amr claim.

Thanks.

Hi @silky.jain,

Welcome to the Auth0 Community!

It looks like it should be available in the id token. Have you looked in the access token or id token?

Hi Dan,
For my usecase MFA is configured externally via okta and not auth0. Does auth0 process amr claim that is available in token provided by okta?

I’ll have to test this to find out if it is possible. Can you tell me more about your setup? What kind of connection you are using?

Sample fetch user profile script using custom social connection. Script throws error if IdP did not force MFA.

function(accessToken, ctx, cb) {
    var i = jwt.decode(ctx.id_token);
    var p = {
      user_id: i.sub,
      name: i.name,
      email: i.email
    };

    var error = null;
  	if (!(i.amr && i.amr.includes('mfa'))) {
    	error = new Error('MFA required');
    }
  
    cb(error, p);
}