I did a MFA auth after Login which generated a mfa token.
Can I determine what mfa method was used from the generated MFA token?
Hi @khushbu
Thank you for reaching out to us!
Gathering user information from the MFA Token is not doable, as this is an opaque, single-use artifact that is intended to be sent to Auth0 in order to complete the login process. Instead, you can pull this information from the ID Token, that you receive after the MFA Token is exchanged successfully.
Inside the decoded ID Token, you can use the amr claim to check for MFA factor used. This claim lists all the methods satisfied by the user during login, and can have the following structure:
{
"iss": "https://your-tenant.auth0.com/",
"sub": "auth0|123456789",
"aud": "your-client-id",
"iat": 1678886400,
"exp": 1678922400,
"amr": [
"pwd",
"mfa",
"sms"
]
}
More details on this matter can be found in our following documentations and topics:
- Validate ID tokens for MFA
- Create Custom Claims
- If amr claim is only available in the ID Token how can I validate the Access Token to check for MFA?
Hope this helped!
Gerald