MFA is always required

Hi,

I have a post-login action that prompts OTP for certain users. It was working for a long time and now all users are being prompted. My tenant’s configuration didn’t change, the action code is the same… Has anything changed on Auth0?

Hi @joao.roberto,

I just checked your tenant and found that you have the Require Multi-factor Auth option set to Never and a post-login action script that is triggering MFA conditionally.

I have checked your post-login action script and found that it might be responsible for triggering MFA for all other users.

While I cannot check this myself, I suggest that you ensure that your api.multifactor.enable() methods are triggered correctly.

It might also be worth using the Real-time Webtask Logs Extension to debug your script as you execute it during a login attempt. This way, you can include console.log() statements to trace the events happening. You could cross-reference those login events to your Auth0 Logs to verify the behavior.

Thanks,
Rueben

Hi @rueben.tiow, thanks for the reply.

I added a console.log('should bypass MFA') line to the post-login action and ran the Real-time Logs extension. In the extension log, that console string was printed (it means also that api.multifactor.enable('none'); ran). But I am still prompted on MFA.