Google Authenticator MFA

I’m trying to add MFA via Google Authenticator to a single-page web app, as well as iOS and Android mobile clients. All 3 of these are using the Lock login. When a user logs into the web app for the first time, a QR code appears that can then be scanned. If a user logs into the mobile app for the first time, no QR code is shown.

My question is, how are users supposed to enroll when using mobile? Obviously showing a QR code on mobile wouldn’t make sense, unless you had another device to scan it. Is there a way to programmatically open the Google Auth app and auto-enroll the user or something?

Help is appreciated!

Would something like this work?
Edit: It should at least on Android

The Google Auth source code?

Obviously showing a QR code on mobile wouldn’t make sense, unless you had another device to scan it.

There is a link “Trouble scanning” that allows to enter the code manually into the authenticator…

… on the next page, when clicked:

Thanks for the reply. That QR code does not show up with Lock embedded login on mobile, it just goes straight to the ‘Enter your one-time code’ screen.

Ok I see, it’s the embedded Lock, not the Lock inside the Auth0 hosted page (so you’re not redirecting to Auth0 hosted page).
In this case, you could use the Authentication API regarding MFA https://auth0.com/docs/api/authentication#add-an-authenticator

Is there a way to programmatically open the Google Auth app and auto-enroll the user or something?

From a quick Google search, I don’t think it’s possible (i.e. on Android), as there’s no respective Intent available yet (at least, it’s an open issue for the Google Authenticator on Android).

No. If I understood correctly that you want to enroll user with a new MFA and add the key to the authenticator automatically thene read the linked wiki page about Key Uri Format. With that you are able to create an uri that client can open (or autoredirect the client). Opening that uri will open Google Authenticator app automatically and ask user if he/she wants to add your key.

I created a simple web page to demonstrate this. Open it with a mobile device with installed Google Authenticator app. There is a link that should open Google Authenticator for you and ask for adding the key. It uses the same example uri found from the wiki: otpauth://totp/Example:alice@google.com?secret=JBSWY3DPEHPK3PXP&issuer=Example

I verified this, works with at least Android 9 and Google Authenticator version 5. I don’t have iOS device to test this on it.