Failed Silent Auth once MFA is enabled

I am getting Failed Silent Auth.

I tried two different ways, with an action and without an action flow, with MFA.

Error log:
{
  "date": "2025-04-01T23:38:33.183Z",
  "type": "fsa",
  "description": "Login required",
  "client_id": "###",
  "client_name": "Mental Health Academy",
  "ip": "203.30.138.56",
  "user_agent": "Firefox 137.0.0 / Windows 10.0.0",
  "details": {
    "body": {},
    "qs": {
      "client_id": "###",
      "scope": "openid offline_access profile email read:users read:roles",
      "redirect_uri": "###",
      "audience": "###",
      "allowRememberBrowser": "false",
      "type": "RequireMultifactorAuth",
      "provider": "any",
      "prompt": "none",
      "response_type": "code",
      "response_mode": "web_message",
      "state": "###",
      "nonce": "###",
      "code_challenge": "###",
      "code_challenge_method": "S256",
      "auth0Client": "###"
    },
    "connection": null,
    "error": {
      "message": "Login required",
      "oauthError": "login_required",
      "type": "oauth-authorization"
    },
    "riskAssessment": null
  },
  "hostname": "###",
  "audience": "###",
  "scope": [
    "openid",
    "offline_access",
    "profile",
    "email",
    "read:users",
    "read:roles"
  ],
  "auth0_client": {
    "name": "auth0-spa-js",
    "version": "2.1.3"
  },
  "$event_schema": {
    "version": "1.0.0"
  },
  "log_id": "90020250401233833224085000000000000001223372072280457204",
  "tenant_name": "dev-ttwsw5eeb654wx51",
  "_id": "90020250401233833224085000000000000001223372072280457204",
  "isMobile": false,
  "id": "90020250401233833224085000000000000001223372072280457204"
}

With MFA normal flow, if I click on “Remember 30 Days,” it works. But without clicking, it redirects me to the login page every time.

With action, the same thing happens.

I am using "@auth0/auth0-spa-js": "^2.1.3"

Can you please help with this?

Hi @chandani.j

Welcome to the Auth0 Community!

I am sorry about the delayed response to your inquiry!

From what I understand, the behaviour you have described appears to be expected.
If the browser is not remembered for 30 days, it will prompt the users to re-authenticate whenever silent authentication is attempted within the application and will throw the specified error.

If you have any other questions, let me know!

Kind Regards,
Nik
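The failure mode discussed in this thread (silent authentication with `prompt=none` ending in `login_required`) can be handled explicitly on the client. The sketch below is an added example, not code from any post or from the Auth0 SDK; `decideAfterSilentFailure`, `acquireToken` and the `justLoggedIn` flag are hypothetical names, and the client is assumed to expose `getTokenSilently()` and `loginWithRedirect()` as auth0-spa-js does.

```javascript
// Added example: names below are hypothetical, not part of auth0-spa-js.
// Error codes OpenID Connect defines for prompt=none when the user must interact.
const INTERACTION_ERRORS = new Set([
  'login_required',
  'interaction_required',
  'consent_required',
  'account_selection_required'
])

// Pure decision step for an error thrown by silent authentication.
// justLoggedIn: true when this page load came from the interactive login callback.
function decideAfterSilentFailure (err, justLoggedIn) {
  const code = err && err.error
  // Anything else (network failure, misconfiguration) is not a session problem.
  if (!INTERACTION_ERRORS.has(code)) return 'rethrow'
  // Failing again right after an interactive login means another redirect
  // would loop, so stop and surface the problem instead.
  return justLoggedIn ? 'stop' : 'login'
}

// Wrapper around a client that exposes getTokenSilently() and loginWithRedirect().
async function acquireToken (client, justLoggedIn) {
  try {
    return { status: 'token', token: await client.getTokenSilently() }
  } catch (err) {
    const step = decideAfterSilentFailure(err, justLoggedIn)
    if (step === 'rethrow') throw err
    if (step === 'login') await client.loginWithRedirect()
    return { status: step, reason: err.error }
  }
}

// Constructed sample mirroring the "error" object in the tenant log above.
const sampleError = { error: 'login_required', error_description: 'Login required' }
console.log(decideAfterSilentFailure(sampleError, false))
console.log(decideAfterSilentFailure(sampleError, true))
```
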

Hi Nik,

The problem is that if the user doesn’t select ‘Remember for 30 days,’ they are always redirected to the login page, even after entering the OTP.

From what I understand, Auth0 is forcefully requiring the ‘Remember for 30 days’ option to be selected.

This issue only occurs when MFA is enabled.

I see, thank you for the extra info.

Did you set the MFA to be Always required, or do you have it set to Never and enforce it using an action when the user is redirected to the login page?

Kind Regards,

Nik

Hi Nik,

I have set MFA to always be enabled. Here is my code. I am using Vue.js.

async initAuth ({ commit }) {
    const auth0 = await createAuth0Client({
      domain: process.env.AUTH0_DOMAIN,
      clientId: process.env.AUTH0_CLIENT_ID,
      responseType: 'token id_token',
      authorizationParams: {
        redirect_uri: process.env.AUTH0_REDIRECT_URI,
        audience: process.env.AUTH0_AUDIENCE,
        scope: 'offline_access openid profile email read:users read:roles',
        allowRememberBrowser: 'true',
        connection: 'Username-Password-Authentication'
      }
    })

    commit('setAuth0', auth0)

    try {
      const token = await auth0.getTokenSilently({
        allowRememberBrowser: 'true'
      })

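      // JWT segments are base64url-encoded; map to standard base64 before atob()
      const payload = JSON.parse(atob(token.split('.')[1].replace(/-/g, '+').replace(/_/g, '/'))) // Decode JWT payload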

      const permissions = payload.permissions || []

      const userTmp = await auth0.getUser()

      const user = {
        ...userTmp,
        permissions: Array.isArray(permissions)
          ? permissions.map(permission => ({
            name: permission.name || permission, // Adjust based on structure
            label: permission.label || permission // Adjust based on structure
          }))
          : permissions.split(',').map(permission => ({
            name: permission.trim(),
            label: permission.trim()
          }))
      }
      const hasAdminPermission = user.permissions.some(permission => permission.name === 'admin')

      if (hasAdminPermission) {
        const email = user.email
        const tokenid = user.sub

        commit('setToken', token)

        if (token) {
          const { data } = await getInstance().post('/v1/admin/authLogin', {
            email,
            token,
            tokenid
          })
          if (data) {
            localStorage.setItem('userEmail', email)
            localStorage.setItem('accessToken', data.accessToken)
          }
        } else {
        }
        commit('setLoading', false)
      } else {
      }
    }