How to implement MFA in a SPA with custom login UI (not Universal Login)?

I’m building a Single Page Application (SPA) with a custom login form (not using Universal Login). I want to enforce MFA (e.g., TOTP or SMS-based) after users log in.

Based on the documentation, MFA support seems tied to Universal Login. I want to know:

  1. Is MFA not supported at all in embedded/custom login (via /oauth/token with ROPG)?
  2. If not, what’s the correct way to enable MFA in a SPA with custom UI?
  3. Can we implement a hybrid flow: show our custom login UI, then redirect to /authorize to trigger MFA?

I want to provide a secure MFA experience without fully switching to Universal Login. Please suggest the best practice or any workarounds.

Hi @ankititsignups

Welcome back to the Auth0 Community!

Thank you for posting your question. It’s possible to support MFA via /oauth/token with ROPG, but you will need to use the MFA API to achieve this. Here’s a link to our documentation that describes this flow → https://auth0.com/docs/secure/multi-factor-authentication/authenticate-using-ropg-flow-with-mfa

Alternatively, have you considered using the ACUL (https://auth0.com/docs/customize/login-pages/advanced-customizations)? It will still use the Universal Login under the hood, but allows for far greater customization.

Thanks!
Dawid
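The ROPG + MFA API exchange that the linked documentation describes, written out as an added example (not code from this thread or from Auth0's SDKs). The tenant domain and client ID are placeholders, and `promptForCode` stands for whatever the custom login UI does to collect the user's code; the request/response helpers are pure so the flow can be reasoned about without a network.

```javascript
// Added example of the Auth0 ROPG + MFA API flow; AUTH0_DOMAIN and CLIENT_ID are placeholders.
const AUTH0_DOMAIN = 'YOUR_TENANT.auth0.com';
const CLIENT_ID = 'YOUR_CLIENT_ID';
const TOKEN_URL = `https://${AUTH0_DOMAIN}/oauth/token`;

// Step 1 request: the password (ROPG) grant against /oauth/token.
function passwordGrantRequest(username, password) {
  return { url: TOKEN_URL, body: { grant_type: 'password', username, password,
    client_id: CLIENT_ID, scope: 'openid profile' } };
}

// Step 1/3 response: with MFA enforced, Auth0 answers 403 {error:'mfa_required', mfa_token}.
// The mfa_token is short-lived and only valid for the MFA endpoints; keep it in memory only.
function interpretTokenResponse(status, json) {
  if (status === 200 && json.access_token) return { state: 'authenticated', tokens: json };
  if (status === 403 && json.error === 'mfa_required' && json.mfa_token)
    return { state: 'mfa_required', mfaToken: json.mfa_token };
  return { state: 'failed', error: json.error || `http_${status}` };
}

// Step 2 request: ask /mfa/challenge to issue a challenge ('otp' for TOTP apps, 'oob' for SMS).
function challengeRequest(mfaToken, challengeType) {
  return { url: `https://${AUTH0_DOMAIN}/mfa/challenge`,
    body: { mfa_token: mfaToken, client_id: CLIENT_ID, challenge_type: challengeType } };
}

// Step 3 request: redeem the user's code with the matching MFA grant type on /oauth/token.
// For 'oob' (SMS) the oob_code returned at step 2 is sent along with the code as binding_code.
function mfaGrantRequest(mfaToken, code, challenge) {
  const base = { client_id: CLIENT_ID, mfa_token: mfaToken };
  if (challenge && challenge.challenge_type === 'oob')
    return { url: TOKEN_URL, body: { ...base, oob_code: challenge.oob_code, binding_code: code,
      grant_type: 'http://auth0.com/oauth/grant-type/mfa-oob' } };
  return { url: TOKEN_URL, body: { ...base, otp: code,
    grant_type: 'http://auth0.com/oauth/grant-type/mfa-otp' } };
}

// Driver: wires the helpers to fetch. Only mfa_token, never the password, survives past step 1.
async function loginWithMfa(username, password, promptForCode, challengeType = 'otp', fetchImpl = fetch) {
  const post = async ({ url, body }) => {
    const res = await fetchImpl(url, { method: 'POST',
      headers: { 'Content-Type': 'application/json' }, body: JSON.stringify(body) });
    return [res.status, await res.json()];
  };
  const first = interpretTokenResponse(...await post(passwordGrantRequest(username, password)));
  if (first.state !== 'mfa_required') return first;              // no MFA, or a real failure
  const [, challenge] = await post(challengeRequest(first.mfaToken, challengeType));
  const code = await promptForCode(challenge);                     // the app's own UI step
  return interpretTokenResponse(...await post(mfaGrantRequest(first.mfaToken, code, challenge)));
}
```

Everything after the first 403 runs against the short-lived `mfa_token`, so a wrong code returns `invalid_grant` from `/oauth/token` and the app simply re-prompts without touching the password again.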