I definitely don’t know much about SPAs, but I believe all the MFA ‘stuff’ is handled on Auth0’s side. I don’t think there is anything you need to do. I just set up a new application with MFA enabled, and I downloaded and ran the React demo app. When I go to log in it asks for my MFA OTP code, and this is all happening at Auth0.
Here’s a screen recording of the interaction between the demo React SPA app and MFA. In this case I enabled the One Time Password MFA option, updated the MFA rule (automatically created when you enable MFA) to limit to force MFA on application I create for the SPA.