Feature: Adding authenticator id of MFA enrollment to response of POST /mfa/associate
Description: Upon adding/enrolling an authenticator with endpoint POST https://{{idp_domain}}/mfa/associate, it would be very useful to have the id of the authenticator being enrolled included in the response as well, in addition to the related secret.
Use-case: We are currently in the preparation phase for the integration of Auth0’s Authentication API into our native app, with the goal of enabling native TOTP enrollments using the ROPC flow. This feature would enable us to maintain a local mapping of authenticator_id ↔ totp_secret, without abstracting that logic on our own. The native app will basically act as a regular authenticator app. Integrating native MFA with push notifications was not feasible for our use-case.
In the end, users will have the capability to enroll multiple devices, each TOTP enrollment bound to a single device. While the authenticator_id is not relevant for the MFA challenge, upon deletion of an MFA enrollment on one of those devices, the id will be relevant.
While there would be a workaround to determine the authenticator_id by listing the user’s authenticators before and after the enrollment, this would come with the necessity of additional API calls, thus it might not be accurate in 100% of the cases.
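The before/after workaround described in the request, as an added example that is not part of the original post and is not Auth0 code: it binds a TOTP secret to an authenticator id only when the diff of the two listings yields exactly one new OTP authenticator, and refuses otherwise. The record fields `id` and `authenticator_type`, the sample ids, and all function names are assumptions made for illustration.

```python
# Added illustration: the "list before / list after" workaround and its failure mode.
# Records are constructed sample data; field names are assumed, not taken from the post.


class AmbiguousEnrollment(Exception):
    """The before/after diff did not identify exactly one new OTP authenticator."""


def new_otp_ids(before, after):
    """Return ids of OTP authenticators present in `after` but not in `before`."""
    known = {a["id"] for a in before}
    return sorted(
        a["id"]
        for a in after
        if a.get("authenticator_type") == "otp" and a["id"] not in known
    )


def bind_secret(mapping, before, after, totp_secret):
    """Record authenticator_id -> totp_secret only when the diff is unambiguous.

    `mapping` stands in for the device's secure storage (hypothetical).
    """
    candidates = new_otp_ids(before, after)
    if len(candidates) != 1:
        # Zero: the listing has not caught up yet. More than one: another device
        # enrolled between the two listings, so the secret cannot be attributed.
        raise AmbiguousEnrollment(
            f"expected 1 new OTP authenticator, found {len(candidates)}"
        )
    mapping[candidates[0]] = totp_secret
    return candidates[0]


# Constructed listings for one user.
BEFORE = [{"id": "totp|dev_AAAA", "authenticator_type": "otp"}]
AFTER_SINGLE = BEFORE + [{"id": "totp|dev_BBBB", "authenticator_type": "otp"}]
# A second device enrolled between the two listings.
AFTER_RACE = AFTER_SINGLE + [{"id": "totp|dev_CCCC", "authenticator_type": "otp"}]

if __name__ == "__main__":
    store = {}
    print(bind_secret(store, BEFORE, AFTER_SINGLE, "SAMPLE-SECRET"))
    try:
        bind_secret(store, BEFORE, AFTER_RACE, "SAMPLE-SECRET-2")
    except AmbiguousEnrollment as exc:
        print("refused:", exc)
```

Refusing to bind in the ambiguous case keeps a later deletion from targeting another device's enrollment.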