feat: MFA APIs #2502

Open
tusharpandey13 wants to merge 31 commits into feat/mfa-base from feat/mfa-apis

tusharpandey13 commented Jan 26, 2026

Important

This PR is the 2nd PR in a PR stack
Current base: #2480

Adds MFA API support, enabling getAuthenticators, enroll, challenge and verify functionality.

Changes

  • Added MfaClient classes for server and client
  • Added business logic for getAuthenticators, enroll, challenge and verify
  • Added server handlers for the same
  • Added flow tests for client and server scenarios
  • Added documentation

Tests

Added flow tests testing all MFA flows for server and client.

Usage

try {
  const { token } = await auth0.getAccessToken({ audience: 'https://api.example.com' });
} catch (error) {
  if (error instanceof MfaRequiredError) {

    // Get available authenticators
    const authenticators = await auth0.mfa.getAuthenticators({
      mfaToken: error.mfa_token
    });

    // Enrollment
    const enrollment = await auth0.mfa.enroll({
      mfaToken: error.mfa_token,
      authenticatorTypes: ["otp"]
    });

    // Initiate challenge
    const challenge = await auth0.mfa.challenge({
      mfaToken: error.mfa_token,
      challengeType: 'otp',
      authenticatorId: authenticators[0].id
    });

    // Verify code
    const tokens = await auth0.mfa.verify({
      mfaToken: error.mfa_token,
      otp: '123456'
    });
  }
}

tusharpandey13 requested a review from a team as a code owner January 26, 2026 19:54
tusharpandey13 marked this pull request as draft January 27, 2026 10:19
tusharpandey13 changed the title from "feat: MFA Apis" to "feat: MFA APIs" Jan 28, 2026
tusharpandey13 marked this pull request as ready for review February 3, 2026 11:15
tusharpandey13 changed the title from "feat: MFA APIs" to "feat: [MFA PR 2/4] MFA APIs" Feb 5, 2026
tusharpandey13 changed the title from "feat: [MFA PR 2/4] MFA APIs" to "feat: MFA APIs" Feb 5, 2026
mfaToken,
authenticatorTypes: ["oob"],
oobChannels: ["email"],
email: "user@example.com"

@tusharpandey13 enrolment signatures are slightly different from spa

https://github.com/auth0/auth0-spa-js/blob/main/EXAMPLES.md?plain=1#L890

For enrolment we are not accepting oobChannels: ["email"], in array notation, rather a simplified factorType which internally calculates oobChannel.

You can refer to the above code snippet.
