We have an app and use Auth0 for users authentication. All users refers to the particular account in our system. For some of them MFA in enabled.
So when they have no access to auth-provider (e.g. Google Authenticator), they ask our customer support to reset the MFA. To do this we need to go to the Auth0 app, find the particular user and reset MFA manually.
It works fine but not very convenient for customers, so now we want to allow account admins to do it in our app (we already have functionality of users management).
I’ve found exactly what we need on this page. So we need to delete existing enrolments for the particular user one by one, seems pretty clear.
And here the problems are coming. I need to use /get_enrollments endpoint, but there is no such endpoint . Ok, there is another one pretty close to what we need:
GET /api/v2/users/{id}/enrollments
description: " Retrieve the first confirmed Guardian enrollment for a user".
This one works well (returns 200) but doesn’t return any data in response, just an empty array for the user which can log in only with Google Auth . And now I don’t understand the problem is that this endpoint may be used only in Guardian case (but we don’t use it), OR it’s a wrong endpoint or we misunderstand something…
I tested it, and that endpoint successfully clears a user’s MFA factors.
Are you still seeing MFA factors for your user after hitting that endpoint successfully?
That may be a factor, I’m not sure. That endpoint has been deprecated for more than 5 years (longer then I’ve worked here ), I would avoid it entirely. There is a replacement for that endpoint, more on that here.
Are you still seeing MFA factors for your user after hitting that endpoint successfully?
Well, I would say that it doesn’t return anything at all, no matter delete I something or not
To be honest, I didn’t see the case when any of these endpoints return anything in the body, but empty array []