Auth0 Home Blog Docs

Silent Auth Fails due to MFA switched on

mfa
silent-auth

#1

We have an Angular SPA and are attempting to renew our tokens using silent Auth. However, we have MFA switched on so we are getting an error back saying “Login_required Multifactor authentication required”.

Now ideally, once a user has logged in with MFA we don’t want them to have to re authenticate with it every time they need a new token. Is there a way around this? Can we use a rule somehow?


#2

I’m having the same issue.


#3

I’m having the same problem. It worked before when using guardian, but it does not work with the 3rd party MFA solutions. I suppose because of the SSO when using guardian? Would like to know a way to solve this issue too.


#4

I found the following page which explains how to skip MFA once the user has authenticated with MFA before: https://auth0.com/docs/multifactor-authentication/custom#change-the-frequency-of-authentication-requests . This allows the user to skip MFA for a maximum of 30 days on the same browser. When using this solution I’m not getting the ‘MFA required’ error anymore. You could also implement the IP check in the section below as an extra security check.


#5

Hmm, yeah that’s definitely a good way to avoid it. The problem is when they get logged out due to inactivity, I do want them to have to redo MFA. Essentially I want the session to be valid for renewAuth calls but force relogging in fully if they timeout without renewing.


#6

I’m having the same issue.


#7

Hmm, yeah that’s definitely a good way to avoid it. The problem is when they get logged out due to inactivity, I do want them to have to redo MFA. Essentially I want the session to be valid for renewAuth calls but force relogging in fully if they timeout without renewing.


#8

Yeah that’s exactly what I would like to have as well. For now I’m going with the allowRememberBrowser = true, but hopefully there is a way to force MFA on each login somehow.


#9