MFA authentication method missing in rule context

I’m having trouble with a rule checking if a user completed MFA during their login.

According to the docs, the ‘context.authentication’ array should contain the authentication methods a user has completed during their session. However, the ‘mfa’ method is never present. The only output I get is the following array:

[{ methods: [ { name: 'pwd', timestamp: 1434454643024 } ] }]

I’m using the free SMS method from Auth0 for testing and the new universal login experience with SSO. ‘allowRememberBrowser’ is also set to true.

The login and the MFA authentication work fine. Just the mfa object is missing for some reason.

Any ideas?

Hey @mobilmacher,

Rules execute before MFA is triggered. This means that, when the user is authenticated and rules run, MFA will not yet have been triggered. However, if the user has already authenticated and your application is performing SSO of an existing session, the array will be there, informing you of what kind of MFA flow went on during the original authentication flow.

Let me know if this helps.


Auth0 has a newer set of APIs for managing API, documented here, which are available in Actions.

api.authentication.enrollWith
api.authentication.enrollWithAny
api.authentication.challengeWith
api.authentication.challengeWithAny

Using these APIs, the flow continues from the next Action available.

With Actions, it is possible to access the user’s MFA status with event.authentication.methods.
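The check described in the last post, as an added example that is not part of the original thread and not Auth0's own code: a post-login Action that reads event.authentication.methods and calls api.authentication.challengeWithAny when the session has no recent 'mfa' entry. The 12-hour limit, the helper names and the 'otp' and 'phone' factor types are assumptions.

```javascript
// Added example. MAX_MFA_AGE_MS, toMs and needsMfaChallenge are hypothetical names.

// Assumed policy: an MFA older than 12 hours no longer counts for this session.
const MAX_MFA_AGE_MS = 12 * 60 * 60 * 1000;

// Method timestamps may be epoch milliseconds (as in the output quoted in the
// question) or a date string; anything unparseable is ignored rather than trusted.
function toMs(ts) {
  const ms = typeof ts === 'number' ? ts : Date.parse(ts);
  return Number.isFinite(ms) ? ms : null;
}

// True when the methods array has no usable 'mfa' entry or the newest one is stale.
// A missing or empty array fails closed: the user is challenged.
function needsMfaChallenge(methods, nowMs) {
  const times = (methods || [])
    .filter((m) => m && m.name === 'mfa')
    .map((m) => toMs(m.timestamp))
    .filter((ms) => ms !== null);
  if (times.length === 0) return true;
  return nowMs - Math.max(...times) > MAX_MFA_AGE_MS;
}

// Post-login Action handler. On a fresh password login the array holds only
// 'pwd', so the challenge is requested; on SSO of a session that already
// completed MFA the 'mfa' entry is present and the challenge is skipped.
async function onExecutePostLogin(event, api) {
  const methods = event.authentication ? event.authentication.methods : [];
  if (needsMfaChallenge(methods, Date.now())) {
    // Factor types are assumptions; list the ones enabled on your tenant.
    api.authentication.challengeWithAny([{ type: 'otp' }, { type: 'phone' }]);
  }
}

// Auth0 loads the handler from the module's exports.
if (typeof module !== 'undefined' && module.exports) {
  module.exports.onExecutePostLogin = onExecutePostLogin;
}
```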