Migrating MFA rule to action

Hi,

I have one rule for conditionally controlling MFA based on org metadata. I chose a rule for this because the ‘mfa hook’ example Auth0 provided used a rule. I know rules are retiring next fall. Is there an example I can use to enable / disable a user’s MFA based on their organization metadata using an action?

Drew

Hey @dfleming !

Can you share the rule code you’re working with here?

function multifactorAuthentication(user, context, callback) {
  var queryParmMfa = context.request && context.request.query ? context.request.query.m : "";
  
  var mfaProvider = "";
  var appData = user.app_metadata;
  if(appData !== undefined && appData.mfaProvider) {
      mfaProvider = appData.mfaProvider;
  }  
  
  if(!mfaProvider && queryParmMfa) {
    mfaProvider = queryParmMfa;
  }

  context.multifactor = [];
  if (mfaProvider && (context.clientID === configuration.MFA_APP_1 || 
                      context.clientID === configuration.MFA_APP_2)) {
   context.multifactor = {
      provider: mfaProvider,
      allowRememberBrowser: true
    };
  }
	
  callback(null, user, context);
}

I added the code sample for you.

Any movement on this? I’d really like to take care of this asap

Hey @dfleming !

Have you made any attempt at converting the code to an Action? We don’t have a 1:1 example per se, but here is an attempt at a conversion:

exports.onExecutePostLogin = async (event, api) => {

  const queryParmMfa = event.request.query ? event.request.query.m : "";
  let mfaProvider = "";
  const appData = event.user.app_metadata;

  if(appData && appData.mfaProvider) {
    mfaProvider = appData.mfaProvider;
  }

  if(!mfaProvider && queryParmMfa) {
    mfaProvider = queryParmMfa;
  }

  if (mfaProvider && (event.client.client_id === configuration.MFA_APP_1 || 
                      event.client.client_id === configuration.MFA_APP_2)) {
    api.multifactor.enable({
      provider: mfaProvider,
      allowRememberBrowser: true
    });
  }
};

I have not been able to test this thoroughly, but it is a place to start if you want to test yourself :slight_smile:

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.