Missing acr_values from react-auth0 getAccessTokenWithPopup

Hello!

My question is almost identical to this topic: Cannot get desired scope from react-auth0 getAccessTokenWithPopup

I’m following the documentation for configuring step-up auth. In my react app, I’m attempting to use getAccessTokenWithPopup to call the /authorize endpoint, like this:

import { useAuth0 } from '@auth0/auth0-react';

const { getAccessTokenWithPopup } = useAuth0();

return (
  <Button
    use={ButtonUse.Primary}
    onClick={(): void => {
      const token = getAccessTokenWithPopup({
        cacheMode: 'off',
        authorizationParams: {
          prompt: 'login',
          acr_values: 'http://schemas.openid.net/pape/policies/2007/06/multi-factor',
        },
      });
      console.log('token', token);
    }}
  >
    Click me to step up
  </Button>
);

The popup shows a login form as expected, but my custom action isn’t catching the acr_value, and isn’t prompting for MFA. When I debug the token at jwt.io, it doesn’t show any amr or acr values.

What am I missing?

1 Like

I have also been experiencing a similar issue if anyone is able to help support!

1 Like