MFA not offered to user after login

Help
,
1

I have an issue where MFA is not offered to user after he fills username and password fields and clicks on continue.
Require Multi-factor Auth is set to “Never”
Customize MFA factors using Actions is set to “On”
Action is on post login trigger. Action code:
api.authentication.challengeWith({type: “email”});
User is enrolled with email address.

User is redirected from my Angular application to another Angular application that serves for login using Auth0. Here is the code from that app that calls Auth0.

   this.auth.loginWithRedirect({
          appState: { target: String('https://' + commingFromUrl + (commingFromUrl == 'localhost' ? ':44465' : '')) },
          authorizationParams: { redirect_uri: "https://authentication.elso.org/redirectlogin" }
        });

Then ‘redirectlogin’ page has next code:

this.auth.getAccessTokenSilently().subscribe({
        next: (res) => {
          localStorage.setItem('auth0token', res);
          console.log('logged in');

        },
        error: (err) => {
          console.log(err);
          ERROR THROWN HERE Multifactor authentication Required
        }
      });

Here is what i have in app.module.ts

provideAuth0({
      domain: 'elso-auth.us.auth0.com',//'dev-gejvuq6zrfzh5ddy.us.auth0.com',
      clientId: 'MyClientId',       
      useRefreshTokens: true,
      cacheLocation: 'localstorage',
      useRefreshTokensFallback: true,
      authorizationParams: {
        redirect_uri: window.location.origin, 
        audience: 'https://elso-auth.us.auth0.com/api/v2/'
        , scope: 'openid profile email offline_access'

      }
    })

Thanks in advance.

2

Hi @sjh1

Welcome to the Auth0 Community!

Thank you for posting your question! I’ve checked your tenant configuration, and it looks like you haven’t enabled the factors required by your actions to challenge the user. Can you enable them and let me know if this fixes your issue?

I also found this blog article that can provide additional context → Using Actions to Customize Your MFA Factors

Thanks
Dawid

3

MFA factors are enabled, here is the screenshot. Is there some other option that i need to enable?

mfa
mfa1091×795 54.2 KB

4

Hi @sjh1,

Apologise I’ve checked the development tenant not a production, I will update you when I will have more information.

Thanks
Dawid

5

I found some clue. When i check ‘remember this device for 30 days’ after logging in and trying second login im not welcomed with MFA, just login username and password, and after redirection i receive ‘Multifactor authentication required’, and im not able to login after that… How can i resolve this issue? I cleared cookies and sessions and local storage on both apps.

6

Hi @sjh1,

Is MFA not triggered only for a specific user or all users?

Thanks
Dawid

7

It is for all users, i just double checked. I am able to receive MFA until i check remember this device. After that i only receive username/password and after clicking continue im redirected to my callback page, and there ‘Multifactor authentication required’ is fired.

8

I managed to find solution myself. For those who have issue like mine. In angular i had wraped auth0 login calls in timeout like this:

setTimeout(() => {
this.auth.getAccessTokenSilently().subscribe({
  next: (res) => {
	console.log('bingo');
  },
  error: (err) => {
	console.log(err);
	if (err.error_description == 'Login required') {
	  this.auth.loginWithRedirect();
	}
  }
});
}, 1000);//Tried timeout with 500, and didnt work.

Without that, i could call login multiple times on same rout, and it always throw Multifactor required, even if multifactor was not offered to user because ‘remember browser’ was checked.

9

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.