tl;dr
The endpoint /api/v2/users/{userId}/authenticators
is not documented but it returns all authenticators which I needed to create user-friendly interface of MFA.
My question is when will the endpoint be documented or be public? while I’m afraid if the endpoint is suddenly changed or removed.
It seems some users also have trouble with this.
- Accessing User MFA Enrollment Status
- Retrieve all Guardian enrollments for a user always returns 1 enrollment
Detail
I needed to list all enrollments of a user to make a user-friendly interface of MFA.
I’ve found that there is /api/v2/users/{userId}/enrollments
but it only returns a first confirmed enrollment thus it is useless for my purpose.
Then, I’ve found that the guardian_authenticators
attribute of a user which is shown in ‘Raw JSON’ tab on Auth0 Dashboard seems to have what I needed.
However, unfortunately, I could not get that field through /api/v2/users/{userId}
.
After while, thanks to Serjlee in https://github.com/go-auth0/auth0/pull/110, I’ve found that /api/v2/users/{userId}/authenticators
returns exactly same information with guardian_authenticators
like:
[
{
"id": "email|dev_xxxxxxxxxxxxxxxx",
"type": "email",
"confirmed": true,
"name": "test*******@test**********",
"created_at": "2020-10-27T07:10:29.000Z",
"last_auth_at": "2020-10-27T07:15:17.000Z"
},
{
"id": "totp|dev_xxxxxxxxxxxxxxxx",
"type": "totp",
"confirmed": false,
"created_at": "2020-10-27T07:13:28.000Z"
},
{
"id": "push|dev_xxxxxxxxxxxxxxxx",
"type": "push",
"confirmed": true,
"name": "test-test-test",
"created_at": "2020-10-27T07:13:41.000Z",
"enrolled_at": "2020-10-27T07:13:55.000Z",
"last_auth_at": "2020-10-28T10:58:56.000Z",
"link_id": "dev_xxxxxxxxxxxxxxxx"
},
{
"id": "totp|dev_xxxxxxxxxxxxxxxx",
"type": "totp",
"confirmed": true,
"created_at": "2020-10-27T07:13:41.000Z",
"enrolled_at": "2020-10-27T07:13:55.000Z",
"link_id": "dev_xxxxxxxxxxxxxxxx"
},
{
"id": "recovery-code|dev_xxxxxxxxxxxxxxxx",
"type": "recovery-code",
"confirmed": true,
"created_at": "2020-10-27T07:13:56.000Z",
"enrolled_at": "2020-10-27T07:13:56.000Z"
}
]
But the endpoint is not documented thus I opened this topic.