Wow, exactly the problem that I have.
Hi @konrad.sopala Refering to this last comemnt and this othet topic Remove Recovery Code thru Mobile App
It looks like it is a problem.
Steps to reproduce:
- Enroll a user MFA using Guardian app and not Google Authenticator.
- Now once the user has MFA setup and there are 2 MFA (which is ok)
- Delete user account from guardian app.
- It leaves only recovery code
Problem: GET /api/v2/users/{id}/enrollments does not return anything to delete it. and on re-login it wont prompt me to set a new mfa. Someone has to login to Auth0 dashboard and reset it manually.