In-App management of MFA with auth0-spa-js

Hi All,

Looking for help in implementing OTP MFA in a React application that is using the auth0–spa-js SDK with an express/node backend. My goal is to have the MFA be optional for authenticated users to turn on in a user settings page.

I understand that I can control whether MFA authentication flow occurs for users with a meta-data property, and this is my current approach. But how do I go about letting the user toggle MFA on, such that it triggers an OTP check and lets them setup their key in an OTP manager (eg Google Authenticator)?

I see multiple endpoints for working with MFA in the authentication API, but is there a way to prompt for a check inside of the application, or only at login? And also, how should I set scopes using this setup to ensure my access token is valid when calling these endpoints? Or if there’s an easier/different way than using these endpoints, like somehow calling the mfa check via the auth0-spa sdk, that would also be great to understand.