I want to add Step-Up authentication to my SPA using Auth0 Lock. I added a custom rule to trigger MFA when sending acr_values, as described here.
- Unfortunately the embedded lock widget always shows “something went wrong when attempting to log in”.
- The corresponding error in the Auth0 logs says “Multifactor authentication required”
When doing the same flow via redirect requests (without Auth0 Lock) it works exactly as expected, i.e. Auth0 asks for my MFA code only, then redirects back to my app. Is there a way to achieve the same using the embedded Auth0 Lock widget?
(Please note that I want to deliberately ask for the user’s MFA code and only the code, even if they already authenticated before – no silent authentication)