Auth0 Home Blog Docs

SMS MFA with Lock redirects to login unless a user remembers device

I am using Lock on a AngularJS application and I want to enable MFA.

I have setup MFA on the account and I can successfully enroll users’ devices/numbers.

So when the user logs in with their username and password they are prompted to enter the verification code they received via sms on the MFA screen.

After entering the code and clicking the continue button, the user is we get a “login_required” error, if the user does not check the Remember this device for the 30 days checkbox:

{
“error”: “login_required”
“error_description”: “Multifactor authentication required”
“state” : “{statestate}”
}

Is there a way I can solve this problem, by calling an API endpoint using the state to authenticate the user?

I tried using the new Universal Login which is said that it does not rely on javascript, but my problem seems to be with the way I am handling the login flow because still get the same error. Is there something that I might have not thought of handling when I enabled MFA using Lock, Because without MFA the authentication flow does not give an error?