Incorrect MFA exception check isMultifactorRequired #158

Closed
tplkn opened this issue Apr 24, 2018 · 4 comments

Comments


tplkn commented Apr 24, 2018

class AuthenticationException {

    private final String code; // error code returned by the server

    /// When MFA code is required to authenticate
    public boolean isMultifactorRequired() {
        return "a0.mfa_required".equals(code);
    }
}

but the original code is mfa_required


tplkn commented Apr 24, 2018

Note: when I log in with Google auth the code is a0.mfa_required. The previous comment is for email/password login.

@lbalmaceda (Contributor) commented

@tplkn this is being worked on here (#146); soon you'll be able to complete the MFA OTP flow with this SDK.
The a0.mfa_required error applies for the legacy /ro endpoint AFAIK, but the current OIDC conformant one, /oauth/token, will return mfa_required, and then to finish the MFA flow the process is quite different. If you're curious you can read more about it here. To use one or the other, you have the Auth0#setOIDCConformant(boolean) method. You'll definitely want to use true on that setting.
May I ask how you are doing the Google authentication? Which method are you calling, etc.?
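As an added example (not code from the SDK discussed here or from either commenter), here is a minimal stand-in for the exception class whose MFA check accepts both spellings of the error named in this thread, the OIDC-conformant mfa_required from /oauth/token and the legacy a0.mfa_required from /ro, so a caller's MFA branch is taken whichever endpoint produced the error. The class shape, constructor, the nextStep helper and the sample errors are assumptions made for illustration.

```java
import java.util.Arrays;
import java.util.List;

// Added illustration, not the SDK's code: an AuthenticationException stand-in whose
// MFA check accepts both error codes discussed in this thread. Class shape and
// field names are assumptions made for this example.
public class MfaErrorCheck {

    /** Code returned by the OIDC-conformant /oauth/token endpoint (per the thread). */
    static final String MFA_REQUIRED_OIDC = "mfa_required";
    /** Code returned by the legacy /ro endpoint (per the thread). */
    static final String MFA_REQUIRED_LEGACY = "a0.mfa_required";

    static class AuthenticationException extends RuntimeException {
        private final String code;

        AuthenticationException(String code, String description) {
            super(description);
            this.code = code;
        }

        String getCode() {
            return code;
        }

        /** True when the server requires an MFA code, for either endpoint's spelling of the error. */
        boolean isMultifactorRequired() {
            return MFA_REQUIRED_OIDC.equals(code) || MFA_REQUIRED_LEGACY.equals(code);
        }
    }

    /** Hypothetical caller logic: only the MFA case is routed differently from a plain failure. */
    static String nextStep(AuthenticationException e) {
        if (e.isMultifactorRequired()) {
            return "prompt the user for the OTP and continue the MFA flow";
        }
        return "show error: " + e.getMessage();
    }

    public static void main(String[] args) {
        // Constructed sample errors: one per endpoint variant named in the thread, plus an unrelated one
        List<AuthenticationException> samples = Arrays.asList(
            new AuthenticationException("mfa_required", "Multifactor authentication required"),
            new AuthenticationException("a0.mfa_required", "Multifactor authentication required"),
            new AuthenticationException("invalid_grant", "Wrong email or password."));

        for (AuthenticationException e : samples) {
            System.out.println(e.getCode() + " -> " + nextStep(e));
        }
    }
}
```

Matching on a single literal, as the original check does, silently turns the legacy code into a generic failure; checking both codes in one place keeps the caller from having to know which endpoint its session went through.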


tplkn commented Apr 25, 2018

OIDCConformant is true.
The problem is:
email/login => mfa_required
google => a0.mfa_required
I'm calling the following code for Google auth:

WebAuthProvider.init(auth0)
        .withConnection("google-oauth2")
        .withScope(Auth0Client.SCOPES)
        .start(...)

@lbalmaceda (Contributor) commented

email/login => mfa_required

This is fine; just like I said, it happens on the /oauth/token endpoint.

However, when using the WebAuthProvider class, what you're launching is authentication via a Browser app which uses Lock web and redirects back to the app. The app receives a code and sends that along with the code_verifier to the /oauth/token endpoint to perform a code exchange and obtain the final tokens. I've just tried this with a Google account, setting up MFA right in the browser using Authy on my phone, and after finishing the flow the tokens were received fine. I did not receive an a0.mfa_required error. Please check if you're changing something in between, and don't hesitate to contact support to get more guidance on this: https://support.auth0.com. I'll leave the issue open since the PR with the error_code fix is not yet merged.
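The redirect-and-exchange step described above, as an added example rather than the SDK's own implementation: it generates a PKCE code_verifier and its S256 code_challenge as specified in RFC 7636, builds the form body the app posts to /oauth/token to exchange the returned code, and shows the check the authorization server performs on the verifier. The client id, redirect URI and authorization code are constructed placeholders; no request is sent.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.LinkedHashMap;
import java.util.Map;

// Added example, not the SDK's code: PKCE values and the /oauth/token exchange body
// for the browser-based flow described in the thread. The client id, redirect URI
// and authorization code below are constructed placeholders.
public class PkceExchange {

    private static final Base64.Encoder URL_B64 = Base64.getUrlEncoder().withoutPadding();

    /** Random 32-byte verifier, base64url-encoded (43 chars, inside RFC 7636's 43..128 range). */
    static String newCodeVerifier() {
        byte[] bytes = new byte[32];
        new SecureRandom().nextBytes(bytes);
        return URL_B64.encodeToString(bytes);
    }

    /** S256 challenge: base64url(SHA-256(ascii(verifier))). This is what goes in the /authorize request. */
    static String codeChallenge(String verifier) {
        try {
            MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
            byte[] digest = sha256.digest(verifier.getBytes(StandardCharsets.US_ASCII));
            return URL_B64.encodeToString(digest);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("SHA-256 unavailable", e);
        }
    }

    /** Form parameters for the authorization-code exchange at /oauth/token. */
    static Map<String, String> tokenRequestBody(String clientId, String redirectUri,
                                                 String code, String verifier) {
        Map<String, String> body = new LinkedHashMap<>();
        body.put("grant_type", "authorization_code");
        body.put("client_id", clientId);
        body.put("code", code);
        body.put("code_verifier", verifier);
        body.put("redirect_uri", redirectUri);
        return body;
    }

    /**
     * What the authorization server checks at /oauth/token: the presented verifier must hash
     * to the challenge it saw at /authorize, so a code intercepted on the redirect is useless
     * to anyone who does not also hold the verifier.
     */
    static boolean verifierMatchesChallenge(String verifier, String challenge) {
        return codeChallenge(verifier).equals(challenge);
    }

    public static void main(String[] args) {
        String verifier = newCodeVerifier();
        String challenge = codeChallenge(verifier);

        // Constructed placeholder values; a real app reads the code from the redirect URI.
        String clientId = "CLIENT_ID_PLACEHOLDER";
        String redirectUri = "demo://callback";
        String code = "AUTHORIZATION_CODE_PLACEHOLDER";

        System.out.println("code_challenge sent to /authorize: " + challenge);
        System.out.println("server-side verifier check passes: " + verifierMatchesChallenge(verifier, challenge));
        for (Map.Entry<String, String> p : tokenRequestBody(clientId, redirectUri, code, verifier).entrySet()) {
            System.out.println(p.getKey() + "=" + p.getValue());
        }
    }
}
```

Because the MFA enrolment happens inside the browser session before the redirect, the code exchange that follows is an ordinary authorization-code grant; an MFA-related error at this stage would be a sign that something between the redirect and the exchange was altered, which is the check the comment above asks for.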
