Hello Auth0 Community,
We are encountering a perplexing issue with Multi-factor Authentication (MFA) in our Angular application, particularly around handling the “Remember this device for 30 days” functionality and silent authentication failures.
Background:
- Application stack: Angular with
@auth0/auth0-angular
SDK. - MFA setup: OTP via an authenticator app.
- The challenge arises when the “Remember this device for 30 days” is not enabled; users face a failed silent authentication, leading to
ERROR Error: Multifactor authentication required
in the console and a sudden logout, redirecting users to a blank screen. Interestingly, when “Remember this device for 30 days” is enabled, the login process completes successfully without any issues. - Notably, we have two applications with seemingly identical Auth0 configurations: one for our main platform and one for our backoffice. This issue only occurs in the main platform, not in the backoffice, adding to our confusion.
Troubleshooting Attempts:
- Auth0 Actions: Implemented the suggested action for post-login to handle MFA but didn’t resolve the issue
- Logs and Debugging: Dived into Auth0 and application logs, noticing
auth.isAuthenticated$
briefly returnstrue
before switching tofalse
.
Seeking Guidance On:
- Why might the “Remember this device for 30 days” setting affect silent authentication success/failure?
- Any known differences in handling silent authentication or MFA between applications that could explain the discrepancy in behavior between our main platform and the backoffice?
- Suggestions for further debugging steps or configurations to check that might influence this behavior?
This issue has proven quite tricky, and any insights, experiences, or suggestions from the community would be greatly appreciated. Thank you for your time and assistance.