Multifactor authentication with custom login and Duo throwing 403 MFA required

Tech: Angular2 with custom login (following docs) and Duo

We are able to log in with Google + Duo. Using username/password, instead of going to Duo, we receive a 403 with {error:"mfa_required",error_description:"Multifactor authentication required"}. Why is it that Google social will redirect to Duo and the U/P flow won’t? What other calls need to be made within the U/P flow for Duo to function?

The custom login approach for username/password, based on the information you provided, is using a non-redirect based approach, which leads to the behavior in question. More specifically, it may be using the resource owner password grant (assuming Auth0.js v8 and the method webAuth.client.login() is being used) and, as such, no redirect happens. Also note that, according to this documentation, Duo is not supported for the resource owner password grant endpoint.
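An added example, not code from the thread or from Auth0: a client-side handler that recognizes the 403 mfa_required response quoted in the question and switches to a redirect to the tenant's /authorize endpoint instead of retrying the password grant. The domain, client ID, redirect URI and function names are placeholders, and it assumes the tenant's hosted login page handles the username/password and MFA steps.

```javascript
// Added illustration. All three values below are placeholders, not from the thread.
const AUTH0_DOMAIN = 'YOUR_TENANT.auth0.com';
const CLIENT_ID = 'YOUR_CLIENT_ID';
const REDIRECT_URI = 'https://app.example.com/callback';

// True only for the response quoted in the question: HTTP 403 with error "mfa_required".
function isMfaRequired(status, body) {
  return status === 403 && !!body && body.error === 'mfa_required';
}

// Unpredictable value for state / nonce (browser Web Crypto).
function randomToken() {
  const bytes = globalThis.crypto.getRandomValues(new Uint8Array(16));
  return Array.from(bytes, (b) => b.toString(16).padStart(2, '0')).join('');
}

// Build the redirect-based login URL. The caller must persist `state` and
// `nonce` (e.g. in sessionStorage) and compare them when the callback returns.
function buildAuthorizeUrl(opts) {
  const url = new URL('https://' + opts.domain + '/authorize');
  url.search = new URLSearchParams({
    response_type: 'token id_token',
    client_id: opts.clientId,
    redirect_uri: opts.redirectUri,
    scope: 'openid',
    state: opts.state || randomToken(),
    nonce: opts.nonce || randomToken(),
  }).toString();
  return url.toString();
}

// Decide what the login form does with a password-grant response.
function nextStep(status, body, opts) {
  if (status === 200) {
    return { action: 'done' };
  }
  if (isMfaRequired(status, body)) {
    // The password grant cannot complete MFA, so hand over to the redirect flow.
    return { action: 'redirect', url: buildAuthorizeUrl(opts) };
  }
  const message = (body && body.error_description) || 'login failed';
  return { action: 'error', message: message };
}

// Browser usage (hypothetical wiring):
//   const step = nextStep(res.status, json,
//     { domain: AUTH0_DOMAIN, clientId: CLIENT_ID, redirectUri: REDIRECT_URI });
//   if (step.action === 'redirect') window.location.assign(step.url);
```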

How would one enable MFA in this situation then? I have the same scenario where I’m trying to log in using Auth0.js v8 login. Would I call a different API endpoint in order to log in? And then would the redirect happen correctly? If not, would I have to set my own redirect?