Using MFA with SPA SDK/universal login

I have a Universal Login and SPA SDK up and running. I figured MFA would be a simple flip of the switch. I am unable to find any example or documentation on how with auth0-spa-sdk and MFA setup works.

I am trying to get the guardian app working first. The guardian app successfully gets pinged and I select Allow. The universal login successfully receives it and logs in with state and code in the URL. My app checks to see if user is logged in and redirects back to login if user is not logged it.

it seems to then redirect back to MFA login. I am unable to successfully get back to my app.

any advice or things I am missing? Do i need to add something to the client options on the SDK to successfully receive the redirect from MFA?

Hi @aaleksandruk,

It should be simply flipping the switch.

I just tried spinning up our vanilla JS quickstart (which uses the spa sdk) and turned on the guardian MFA toggle in the dashboard with multi-factor required. Everything is working fine for me.

What quickstart are you using? If you aren’t using a QS, can you share the code you are using? Also, do you have any MFA rules or anything that could be interferring?

Let me know,

Thanks Dan, after seeing that it should be a flipping switch. I looked further into my implementation and I was calling the redirectToLogin method on app load up every time if IsAuthenticed returned false. It seemed that if I have a State & Code in the URL then I would not redirect to login and check for valid token.

After refactoring and adding those changes everything is working!

For anyone else who may have run into it. This is something i check before I check if i need to redirect.

if ('code=') &&'state=')) {
    const { appState } = await auth0Client.handleRedirectCallback();

Thanks for following up and marking it solved!

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.