Problem statement
I’m experiencing an issue where I’ve enabled the MFA for my React application.
The behavior is the following:
- I enter my email and password
- I get redirected to my Authenticator app via a QR code
- I enter the code
- I’m successfully taken to my React application
- However, after that, I’m automatically redirected to the mfa-otp-challenge page, where it asks me to Verify my identity one more time.
- When I enter the code again, I’m redirected to the mfa-otp-challenge page again, and it keeps redirecting me to that mfa-otp-challenge page endlessly.
Anything you would advise?
Cause
The main problem is that your application redirects the user to the /authorize endpoint again after the code has already been received. Can you please check the part of the code where you handle the redirect callback?
Solution
As a workaround, you can also try disabling MFA in the tenant configuration (set it to Never) and enabling a Rule with the following script, which triggers MFA once per session:
    function requireMfaOncePerSession(user, context, callback) {
      // Authentication methods already completed in the current session.
      let authMethods = [];
      if (context.authentication && Array.isArray(context.authentication.methods)) {
        authMethods = context.authentication.methods;
      }

      // If MFA was already completed in this session, do not prompt again.
      const completedMfa = !!authMethods.find((method) => method.name === 'mfa');
      if (completedMfa) {
        return callback(null, user, context);
      }

      // Otherwise require MFA with any enrolled factor and never remember the browser.
      context.multifactor = {
        provider: 'any',
        allowRememberBrowser: false
      };

      callback(null, user, context);
    }
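For the root cause described under Cause, the following added example (not code from the original page or from any Auth0 SDK) shows callback handling that never answers a URL already carrying an authorization code with a second redirect to /authorize. The names `decideAuthAction`, `stripCallbackParams`, the `session` fields and the sample URL are hypothetical.

```javascript
// Added example: hypothetical helper names, not Auth0 SDK code.
const CALLBACK_PARAMS = ['code', 'state', 'error', 'error_description'];

// Remove the callback parameters so a reload or re-render does not replay the callback.
function stripCallbackParams(href) {
  const url = new URL(href);
  CALLBACK_PARAMS.forEach((name) => url.searchParams.delete(name));
  return url.toString();
}

// Decide the next step on page load. `session` is the app's own auth state:
//   isLoading, isAuthenticated, storedState (state saved before the redirect),
//   handledStates (Set of state values whose code was already exchanged).
function decideAuthAction(href, session) {
  const params = new URL(href).searchParams;
  const code = params.get('code');
  const state = params.get('state');

  if (params.get('error')) {
    // The authorization server reported a failure: surface it, do not retry blindly.
    return { action: 'show_error', error: params.get('error') };
  }
  if (code && state) {
    // state must match what was stored before the redirect (CSRF check).
    if (state !== session.storedState) return { action: 'show_error', error: 'state_mismatch' };
    // Authorization codes are single use: never exchange the same one twice.
    if (session.handledStates.has(state)) return { action: 'clean_url', href: stripCallbackParams(href) };
    session.handledStates.add(state);
    return { action: 'exchange_code', code, href: stripCallbackParams(href) };
  }
  // Session restoration still running: redirecting now would start a second login.
  if (session.isLoading) return { action: 'wait' };
  if (session.isAuthenticated) return { action: 'render_app' };
  return { action: 'redirect_to_authorize' };
}

// Constructed sample run: the callback URL arrives, then the same effect fires again.
const session = { isLoading: false, isAuthenticated: false, storedState: 'abc123', handledStates: new Set() };
const callbackUrl = 'https://app.example.test/callback?code=SAMPLE_CODE&state=abc123';
console.log(decideAuthAction(callbackUrl, session).action);
console.log(decideAuthAction(callbackUrl, session).action);
```

The only path that returns `redirect_to_authorize` is a URL without callback parameters, with session restoration finished and no authenticated user.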