Problem Statement
I have the following situation:
- A registered user for whom MFA is required.
- No MFA auth factor is configured for the user.
- User tries to log in and is presented with a screen to provide a phone number for MFA.
- User is presented with a screen to enter an MFA code.
- User enters the MFA code and clicks “Next.” The screen does nothing. A few seconds later, “Next” becomes clickable again.
- User clicks “Next” again and now gets an auth error. Looking at the raw HTTP response from Auth0, it says that the transaction was not found (probably because the user had already clicked “Next” once, but nothing happened in the UI). I’m attaching a screencast that shows the behavior above.
After the error described above, if I try to log in the same user again, I get an MFA prompt, and entering the code works as expected. It’s just that the first log-in does not work.
Cause
- A custom MFA flow that uses a significantly customized MFA page together with an ‘MFA’ Rule that appears to do quite a bit during the MFA prompt/enrollment process.
- Not using the latest version in the Custom MFA page:
<script src="//cdn.auth0.com/js/mfa-widget/mfa-widget-1.8.min.js"></script>
Solution
We recommend updating the ‘mfa-widget’ code to the latest version in the Custom MFA page:
<script src="//cdn.auth0.com/js/mfa-widget/mfa-widget-1.8.min.js"></script>