Hi team,
I have been using Phone Message as 2FA provider in my application till now. I have a custom Action that has following code:
exports.onExecutePostLogin = async (event, api) => {
if (event.user.user_metadata.mfa_required === false) return
const enrolledMFA = event.user.multifactor.length;
if (enrolledMFA <= 0) {
api.multifactor.enable("any", {allowRememberBrowser:true});
};
};
Now if I enable “One Time Password (Google Authenticator)” from Security → Multi-factor Auth, when I try to login I get option to enroll for Google Authenticator and also a link “Try another method” which is expected as I had enabled both Phone Message and TOTP and have written api.multifactor.enable("any", {allowRememberBrowser:true});
in Actions.
But even if I change my actions to api.multifactor.enable("guardian", {allowRememberBrowser:true});
and deploy it, it’s showing option to enroll for google authenticator. There is no change even if I change the actions to api.multifactor.enable("google-authenticator", {allowRememberBrowser:true});
. How to make this work?
My use case is, by default user should be asked for Phone Message OTP, but I will set the event.user.user_metadata.require_google_auth
to True for some users and if it is true, i want to ask for Google Authenticator OTP instead.
Hoping for quick help.
Thanks