Hello,
I want to add MFA to my application via Actions. Here is my existing code:
exports.onExecutePostLogin = async (event, api) => {
/* add code to check user_metadata for mfa_enabled. if not there, then
look at organizations. when that happens, update user_metadata at the end
*/
// initialize ManagementClient to access Auth0 Management API
const { DOMAIN, CLIENT_ID, CLIENT_SECRET } = event.secrets;
const ManagementClient = require('auth0').ManagementClient;
const management = new ManagementClient({
domain: DOMAIN,
clientId: CLIENT_ID,
clientSecret: CLIENT_SECRET,
});
const orgs = await management.users.getUserOrganizations({ id: event.user.user_id }).catch((err) => {
console.log(err);
})
for (const org of orgs) {
if (org.metadata && org.metadata.mfa_enabled === 'true') {
api.multifactor.enable("any");
break;
}
}
};
The MFA prompt is triggered, but the user is not logged in when being redirected back to the application page.
A log event of type “Failed Silent Auth” with description “Multifactor authentication required” always appears.
Update:
Interestingly, we are able to get MFA working with Rules with the following code:
function requireMfaEnrollment(user, context, callback) {
// in case of samlp , auth0 is just a service provider (not identity). So skip
if(context.protocol === 'samlp') {
console.log('SKIP MFA');
context.multifactor = {
provider: 'none'
};
callback(null, user, context);
return ;
}
console.log(user);
if(user.user_metadata && user.user_metadata.mfa_enabled && user.user_metadata.mfa_enabled === 'true' || (context.organization && context.organization.metadata.mfa_enabled && context.organization.metadata.mfa_enabled === 'true')) {
console.log("mfa enabled for user");
const completedMfa = !!context.authentication.methods.find(
(method) => method.name === 'mfa'
);
if (completedMfa) {
console.log("user completed mfa");
return callback(null, user, context);
}
context.multifactor = {
provider: 'any',
allowRememberBrowser: false
};
callback(null, user, context);
}
callback(null, user, context);
}
However, we would still like to implement with Actions instead of Rules.
Even a simple action that triggers MFA and does nothing else (as shown below) fails:
exports.onExecutePostLogin = async (event, api) => {
api.multifactor.enable("any");
return;
}
I would appreciate help with this. Thank you in advance!