How to control MFA with Gatsby.js and auth0-react?

NeilShang · June 23, 2021, 5:53am

1.I refer to this document to protect routes

2.I enable MFA with always

3. I refresh the protected page after login ,I saw this request everytime.

4. And I will be redirect to MFA page when I refresh page after login
and this is my question
1.If I enable MFA with always,I need enter OTP everytime ,when refresh protect page?
2,if I only want to ask MFA when login not for refresh protect page,what can I do?

NeilShang · June 29, 2021, 7:31am

1.switch config to never

2.use this rule

github.com

auth0/rules/blob/master/src/rules/require-mfa-once-per-session.js

/**
 *
 * This rule can be used to avoid prompting a user for multifactor authentication if they have successfully completed MFA in their current session.
 *
 * This is particularly useful when performing silent authentication (`prompt=none`) to renew short-lived access tokens in a SPA (Single Page Application) during the duration of a user's session without having to rely on setting `allowRememberBrowser` to `true`.
 *
 * @title Require MFA once per session
 * @overview Require multifactor authentication only once per session
 * @gallery true
 * @category multifactor
 */

function requireMfaOncePerSession(user, context, callback) {
  let authMethods = [];
  if (context.authentication && Array.isArray(context.authentication.methods)) {
    authMethods = context.authentication.methods;
  }

  const completedMfa = !!authMethods.find((method) => method.name === 'mfa');

This file has been truncated. show original

konrad.sopala · June 29, 2021, 9:38am

Thanks for sharing it with the rest of community!

system · July 14, 2021, 9:38am

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.