Auth0 Home Blog Docs

SMS MFA on iOS & Android

android
mfa
sms
ios

#1

Is it possible to use SMS MFA on an Android or iOS app? I’m using email and password login, and it’s working fine. But if I enable SMS MFA on Auth0 site I get this error response on the app: “An error occurred when trying to authenticate with the server.

Something similar occurs when using Facebook login: it works fine if MFA is disabled, but if I enable it, after I authorize Facebook (I don’t have the Facebook app installed, so the authorization is made on the browser) I’m presented with a Auth0 error page with the text: “There could be a misconfiguration in the system or a service outage. We track these errors automatically, but if the problem persists feel free to contact us.

Note: I am not using Lock, and I want to keep it that way, if possible.

So, again, is it possible to have SMS MFA on an Android or iOS app?


#2

It’s possible to use Guardian SMS MFA on iOS and Android. It depends on how you’re doing the authentication/authorization requests and the types of authentication, but it’s feasible.

For example, if you’re using username/password credentials through /oauth/token then check the reference information available at: https://auth0.com/docs/api-auth/tutorials/multifactor-resource-owner-password

For social authentication, which already implies that the user goes through a browser-based redirect flow this should be transparent. The user authenticates with the social provider, is asked to enroll with MFA or provide the second factor. Have in mind that MFA make use of an equivalent mechanism to redirect rules so if you’re using the social provider connection configured with Auth0 Dev Keys you will likely have issues so you need to configure your own client information.

For more information about the limitation on the usage of social provider Dev Keys see:

https://auth0.com/docs/connections/social/devkeys


#3