guardianEnrollments not available in first time login

Help
,
1

Hello,
We are using the following action to capture and save the user’s phone number in the user׳s app_metadata.
(we have SMS MFA always on):

exports.onExecutePostLogin = async (event, api) => {
  if (event.user.app_metadata.phoneNumber) return

  const ManagementClient = require('auth0').ManagementClient;
  const management = new ManagementClient({
      domain: event.secrets.domain,
      clientId: event.secrets.clientId,
      clientSecret: event.secrets.clientSecret,
  });
  console.log('created Auth0 Client')
  const guardianEnrollments = await management.getGuardianEnrollments({ id: event.user.user_id }) || []
  console.log('guardianEnrollments: ' + JSON.stringify(guardianEnrollments))
  const smsEnrollment = guardianEnrollments.find(e => e.type === 'sms')
  if (!smsEnrollment) return
  const {phone_number} = smsEnrollment
  api.user.setAppMetadata('phoneNumber',phone_number)
  return
};

The problem is that on the first login - the one that prompts the user to insert his phone number and enroll in the MFA, we get “[ ]” as the “guardianEnrollments”.

*we got this “[ ]” value immediately after the user enter his credentials and before he is prompted to insert his number…

**on the following logins, the action is working fine, and we get the correct “guardianEnrollments”

3

Hey @tal.sh :wave:

Thanks for the detailed post.

The behaviour you have described is expected and due to the design of the post-login action. To be able to implement conditional MFA via the Action, it is required that the post-login action chain run before MFA.

More specifically for your scenario; upon first login the management.getGuardianEnrollments() request will return an empty array, as this is being run prior to the user being enrolled. On subsequent logins the enrollment details will be returned, as the enrollment flow was completed prior to running the action.

I hope this helps!

1 Like
4

Thank you, @james.merrigan.

Is there ANY way to achieve my goal? (to capture the phone number after first login completes(after MFA enrollment phase))

Maybe in another flow? or by using hooks/actions?

2 Likes