Hi everyone,
I’m looking for some advice regarding custom post-login MFA actions for handling user enrollment and challenges.
Here’s the issue I’ve encountered:
When I’m already enrolled in an existing factor (e.g., OTP) and attempt to enroll in a second factor (e.g., phone) using enrollWith, I receive the following error:
Additionally, the logs show this message:
An MFA enrollment was requested but the user is already enrolled in MFA. Challenge with at least one existing factor before enrolling a new one.
This happens even when authentication.methods already includes “mfa”.
If I use challengeWith before attempting the enrollment, it works as expected. However, this approach forces users to go through multiple challenges, which can feel redundant and unnecessary.
Is there a way to avoid re-challenging the user if their existing session has already been challenged?
Thanks in advance for your help!
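
The ordering described in the post (challenge with an existing factor, then enroll the new one), as an added example that is not part of the original post and is not Auth0's own code. `planMfa` and `NEW_FACTOR` are hypothetical names, and it is an assumption that both commands are issued from the same post-login Action.

```javascript
// Added example. planMfa and NEW_FACTOR are hypothetical names, not Auth0 APIs.
const NEW_FACTOR = 'phone';

// Return the MFA commands to issue for this login, in order.
function planMfa(event, newFactor = NEW_FACTOR) {
  const enrolled = (event.user.enrolledFactors || []).map((f) => f.type);
  // Recorded for logging only. Per the post, "mfa" being present here did not
  // lift the challenge requirement, so the plan does not branch on it.
  const sessionHasMfa = (event.authentication?.methods || [])
    .some((m) => m.name === 'mfa');
  const steps = [];
  if (enrolled.length > 0) {
    // Already enrolled: challenge with an existing factor first, as the
    // log message in the post requires before a new enrollment.
    steps.push({ cmd: 'challengeWith', type: enrolled[0] });
  }
  if (!enrolled.includes(newFactor)) {
    steps.push({ cmd: 'enrollWith', type: newFactor });
  }
  return { sessionHasMfa, steps };
}

// Post-login Action handler: applies the plan through the Actions API.
// Assumption: both commands are issued from the same Action.
async function onExecutePostLogin(event, api) {
  for (const step of planMfa(event).steps) {
    api.authentication[step.cmd]({ type: step.type });
  }
}

// Auth0 loads the handler from exports; the guard keeps the file runnable elsewhere.
if (typeof exports !== 'undefined') exports.onExecutePostLogin = onExecutePostLogin;
```

A user with no enrolled factors gets only the enrollment step, and a user who already has both factors gets a single challenge.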