Silent auth failed during signup due to "Multifactor Authentication Required" Error

reyna.b · April 22, 2024, 6:48am

Hi,

I am encountering issues related to silent auth and multi-factor authentication during sign-up.

Note: Everything works fine without MFA.

Reproducible steps:

Front-end: New User signs up to our app
Auth0: Assign permissions via post login flow code and set claims
Front-end: Refetch this token containing the new permissions claims via React hook (Updating User Profile · Issue #135 · auth0/auth0-react · GitHub)

 await getAccessTokenSilently({
    cacheMode: 'off',
  });

Without MFA: Works expected
With MFA: Multifactor authentication required error from Auth0 (latest version 2.2.4)

Please also note that when MFA is enabled for the app, I have set up MFA during sign up successfully

Since everything is working without MFA, I assume my flow code is good (it also makes no reference to MFA or anything related)

reyna.b · April 24, 2024, 5:04am

Issue resolved by utilizing the MFA flow action template for silent authentication

exports.onExecutePostLogin = async (event, api) => {
    // if the array of authentication methods is valid and contains a method named 'mfa', mfa has been done in this session already
    if (
        !event.authentication ||
        !Array.isArray(event.authentication.methods) ||
        !event.authentication.methods.find((method) => method.name === 'mfa')
    ) {
        api.multifactor.enable('any');
    }
};