MFA - please repeat the request in a few seconds

Help
1

Hello Guys’
I am trying to make a POC with the two factors authentication with the Auth0 PUSH method.
The problem is (I think) that I never receive that push, so my application is going in an infinite loop of :“error_description”:"Authorization pending: please repeat the request in a few seconds.

Basically what I am doing is :

– Try to make a user grant password and it got denied with the error : mfa_required which is normal and I receive a mfa_token.
– I am sending a query to /mfa/associate with the auth0 value : authenticator_types": [“oob”],“oob_channels”: [“auth0”]}’

– Now I receive an OOB_Token and I use it to do the /mfa/challenge call ( mfa_token + oob_token).

And finally , I receive the answer : Authorization pending: please repeat the request in a few seconds.And it’s an infinite loop of doom.

Can someone help me on that, I must have not understand clearly what to do … and can’t get it …
Here is the python code that I have made to make the POC :

def do_user_auth(self,username,password):
	print("--------- DO USER AUTH -----")
	scopes = "openid openid profile read:authenticators email address phone perm_clause_view perm_clause_create perm_clause_edit perm_clause_publish"
	headers = {"Content-Type": "application/json","Accept": "text/plain"}
	data = '{"grant_type":"password","scope":"'+scopes+'","client_secret":"'+self.AUTH_CLIENT_SECRET+'","client_id":"'+self.AUTH_CLIENT_ID+'","username":"'+username+'","password":"'+password+'"}'
	r = requests.post("https://"+self.AUTH_DOMAIN+"/oauth/token", data=data,headers=headers)	
	answer = json.loads(r.content)
	print(r.content)
	if "error" in answer:
		if answer["error"] == 'mfa_required':
			oob_code = self.associate_application_post(answer["mfa_token"])
			self.do_two_factor_auth_call(answer["mfa_token"],oob_code)
	
def do_two_factor_auth_call(self,a_mfa_token,a_otp_code):
	print("--------- DO TWO FACTOR CALL AUTH -----")
	data = '{"client_secret":"'+self.AUTH_CLIENT_SECRET+'","client_id":"'+self.AUTH_CLIENT_ID+'","mfa_token": "'+a_mfa_token+'","grant_type": "http://auth0.com/oauth/grant-type/mfa-oob","oob_code": "'+a_otp_code+'","binding_code": "000000"}'
	headers = {"Content-Type": "application/json","Accept": "text/plain"}
	r = requests.post("https://"+self.AUTH_DOMAIN+"/oauth/token", data=data,headers=headers)
	print(r.content)
	decoded = r.content.decode('utf-8')
	if "error" in decoded and "authorization_pending" in decoded:
		print("waiting some seconds")
		time.sleep(15) 
		self.do_two_factor_auth_call(a_mfa_token,a_otp_code)
	

def associate_application_post(self,a_mfa_token):
	print("--------- DO ASSOCIATE CALL AUTH -----")
	headers = {"Content-Type": "application/json","Accept": "text/plain","Authorization":"Bearer "+a_mfa_token}
	data = '{"client_secret":"'+self.AUTH_CLIENT_SECRET+'","client_id":"'+self.AUTH_CLIENT_ID+'","authenticator_types": ["oob"],"oob_channels": ["auth0"]}'
	r = requests.post("https://"+self.AUTH_DOMAIN+"/mfa/associate", data=data,headers=headers)
	print(r.content)
	answer = json.loads(r.content)
	return answer["oob_code"]

Cheers,

2

No body can help me with that ?

3

Can you recieve the MFA push if using Guardian instead of your custom application? Furthermore, what do the logs say in https://manage.auth0.com/#/logs you should have information regarding the failure if Auth0 failed to send a push.

4

Well, when I am authenticated myself within the console it works, but not with my code. In the logs I have only this. It’s like the enrolment process is never get done. When I receive the enrolment token, I have this in the response :

b’{“oob_code”:"Fe26.2**54d58d4eacbcf54e2472e753e87576388988a344ab08e5bb2f1702d1eee0a4a3oAR7-5sKyNA-h0KiMp5_AAyNRUHZKsA_tX4ctI1vc0yRey0ZHHdlJ5ZpNtkfa_xGoENvL2M6mGSE64RFYJAu5cFaPS_QqgXe6sdFIyXkvViZ0z5-7l4PQILSfOCwI_j0INg4ASwOn5wmhXcjcHsU7iFO9Ko147iB_oJHtYbGf2nbVgJhBuB-ByDimsmUWmoromyXnDvGdazITPK8_CJqus80ycH9Sl7A15mU4XCPHmaUI8z60fN0wlpUD-QyOeJJvN-jpcOUAn6ndN0lGN_hTFVERDJ4yXWLDyRohTK6ihPQOstOlj0QWUXRRJXi6tXjsGxrLTzTEk3o4Ehcq_tZ2yFj7w88d2IlPuUhfKDh1OQim3VUvCq7ES_S15UtM9fvTxLw4-174sL1j9NnwbiXud15289011820518eeaaac619c0fc10accb689a4a4abbaa5bdf4dc98d28cd23092ea10f904aaa3a*mS_lmrC4cYBMjKJEFGcu72zuAnUanVVhCcIaBplUh0s",“barcode_uri”:"otpauth://totp/thinking-capital:cleclerc%40thinkingcapital.ca?enrollment_tx_id=GB06kUoVmvkXNEqHNSU8cbxJE9U67N66&base_url=https%3A%2F%2FURL.guardian.auth0.com",“authenticator_type”:“oob”,“oob_channel”:“auth0”}’

Do I need to forward the user on that page or something ?

{
“date”: “2018-06-13T14:36:22.052Z”,
“type”: “gd_start_enroll”,
“description”: “Guardian - Enrollment started (push)”,
“ip”: “35.167.74.121”,
“user_agent”: “python-requests/2.18.4”,
“details”: {
“request”: {
“method”: “POST”,
“path”: “/api/tenants/URL/users/auth0%7C5ac6beb6a33e56128a53e434/authenticators”,
“query”: {},
“userAgent”: “python-requests/2.18.4”,
“body”: {
“type”: “push”,
“verifier”: “TC”
},
“ip”: “35.167.74.121”,
“auth”: {
“strategy”: “jwt_api2_internal_token”,
“scopes”: [
“read:authenticators”,
“create:authenticators”,
“verify:authenticator”
]
}
},
“response”: {
“body”: {}
},
“authenticator”: {
“id”: “push|dev_1rW3t7yfpAsbC8Rq”,
“type”: “push”
}
},
“user_id”: “auth0|5ac6beb6a33e56128a53e434”,
“log_id”: “90020180613143622052992777279804446710967615626655301714”
}

5

Anything to help me on that ?

6

Hey there!

Sorry for such huge delay in response! We’re doing our best in providing you with best developer support experience out there, but sometimes our bandwidth is not enough comparing to the number of incoming questions.

Wanted to reach out to know if you still require further assistance?