Hi,
I have one rule for conditionally controlling MFA based on org metadata. I chose a rule for this because the ‘mfa hook’ example Auth0 provided used a rule. I know rules are retiring next fall. Is there an example I can use to enable / disable a user’s MFA based on their organization metadata using an action?
Drew
tyf
September 7, 2023, 8:46pm
2
Hey @dfleming !
Can you share the rule code you’re working with here?
```js
function multifactorAuthentication(user, context, callback) {
  // Optional provider hint taken from the "m" query-string parameter
  var queryParmMfa = context.request && context.request.query ? context.request.query.m : "";
  var mfaProvider = "";
  var appData = user.app_metadata;

  // A provider stored in app_metadata takes precedence over the query string
  if (appData !== undefined && appData.mfaProvider) {
    mfaProvider = appData.mfaProvider;
  }
  if (!mfaProvider && queryParmMfa) {
    mfaProvider = queryParmMfa;
  }

  context.multifactor = [];
  // Only trigger MFA for the two configured applications
  if (mfaProvider && (context.clientID === configuration.MFA_APP_1 ||
      context.clientID === configuration.MFA_APP_2)) {
    context.multifactor = {
      provider: mfaProvider,
      allowRememberBrowser: true
    };
  }
  callback(null, user, context);
}
```
I added the code sample for you.
Any movement on this? I’d really like to take care of this asap
tyf
October 25, 2023, 12:07am
7
Hey @dfleming !
Have you made any attempt at converting the code to an Action? We don’t have a 1:1 example per se, but here is an attempt at a conversion:
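```js
exports.onExecutePostLogin = async (event, api) => {
  // Optional provider hint taken from the "m" query-string parameter
  const queryParmMfa = event.request.query ? event.request.query.m : "";
  let mfaProvider = "";
  const appData = event.user.app_metadata;

  // A provider stored in app_metadata takes precedence over the query string
  if (appData && appData.mfaProvider) {
    mfaProvider = appData.mfaProvider;
  }
  if (!mfaProvider && queryParmMfa) {
    mfaProvider = queryParmMfa;
  }

  // Actions have no global `configuration` object; the client IDs are read
  // from Action secrets named MFA_APP_1 and MFA_APP_2 instead.
  if (mfaProvider && (event.client.client_id === event.secrets.MFA_APP_1 ||
      event.client.client_id === event.secrets.MFA_APP_2)) {
    // api.multifactor.enable takes the provider as its first argument
    // and the options object as its second.
    api.multifactor.enable(mfaProvider, {
      allowRememberBrowser: true
    });
  }
};
```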
I have not been able to test this thoroughly, but it is a place to start if you want to test yourself
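An added example, not part of the original posts and not Auth0's own sample code: a Post-Login Action that takes the MFA provider from the organization's metadata, which is what the original question asks for. The `mfaProvider` key on the organization, the allowlist, and the `resolveMfaProvider` helper are assumptions; the provider is read only from server-side metadata and checked against the allowlist before `api.multifactor.enable` is called.

```javascript
// Added example (not code from the thread).
// Assumption: each organization stores its provider under metadata.mfaProvider.
const ALLOWED_PROVIDERS = new Set(["any", "duo", "google-authenticator", "guardian"]);

// Returns the provider to enforce, or "" when this Action should not trigger MFA.
function resolveMfaProvider(event) {
  // event.organization is only present when the login goes through an organization
  const orgMeta = (event.organization && event.organization.metadata) || {};
  const appMeta = (event.user && event.user.app_metadata) || {};

  // The organization setting decides; the user's app_metadata is the fallback.
  // Any value outside the allowlist (for example "none") yields no MFA here.
  const candidate = orgMeta.mfaProvider || appMeta.mfaProvider || "";
  return ALLOWED_PROVIDERS.has(candidate) ? candidate : "";
}

async function onExecutePostLogin(event, api) {
  // Same application restriction as the original rule, read from Action secrets
  const mfaApps = [event.secrets.MFA_APP_1, event.secrets.MFA_APP_2];
  if (!mfaApps.includes(event.client.client_id)) {
    return;
  }

  const provider = resolveMfaProvider(event);
  if (provider) {
    api.multifactor.enable(provider, { allowRememberBrowser: true });
  }
}

// Export in the shape the Actions runtime expects
if (typeof exports !== "undefined") {
  exports.onExecutePostLogin = onExecutePostLogin;
}
```

With this layout an organization whose metadata sets `mfaProvider` to a value outside the allowlist gets no MFA prompt from this Action, even when the user's own `app_metadata` names a provider.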
system
Closed
November 8, 2023, 12:08am
8
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.