Thanks to visit codestin.com
Credit goes to github.com

Skip to content

feat: MFA APIs#2502

Merged
tusharpandey13 merged 54 commits into
mainfrom
feat/mfa-apis
Feb 9, 2026
Merged

feat: MFA APIs#2502
tusharpandey13 merged 54 commits into
mainfrom
feat/mfa-apis

Conversation

@tusharpandey13
Copy link
Copy Markdown
Contributor

@tusharpandey13 tusharpandey13 commented Jan 26, 2026
edited
Loading

Important

This PR is the 2nd PR in a PR stack
Current base: #2480

Adds MFA API support, enabling getAuthenticators, enroll, challenge and verify functionality.

Changes

  • Added MfaClient classes for server and client
  • Added business logic for getAuthenticators, enroll, challenge and verify
  • Added server handlers for the same
  • Added flow tests for client and server scenarios
  • Added documentation

Tests

Added flow tests testing all MFA flows for server and client.

Usage

try {
  const { token } = await auth0.getAccessToken({ audience: 'https://api.example.com' });
} catch (error) {
  if (error instanceof MfaRequiredError) {

    // Get available authenticators
    const authenticators = await auth0.mfa.getAuthenticators({
      mfaToken: error.mfa_token
    });

    // Enrollment
    const enrollment = await auth0.mfa.enroll({
      mfaToken,
      authenticatorTypes: ["otp"]
    });

    // Initiate challenge
    const challenge = await auth0.mfa.challenge({
      mfaToken: error.mfa_token,
      challengeType: 'otp',
      authenticatorId: authenticators[0].id
    });

    // Verify code
    const tokens = await auth0.mfa.verify({
      mfaToken: error.mfa_token,
      otp: '123456'
    });
  }
}

@tusharpandey13
feat: mfa error bubbling support
877f488
@tusharpandey13
feat: add mfa example app and update docs
b59e97f
@tusharpandey13
Merge remote-tracking branch 'origin/main' into feat/mfa-base
248eca7
@tusharpandey13
chore: fix example app
d89cfa4
@tusharpandey13
chore: fix example app
deb5bdb
@tusharpandey13
chore: remove irrelevant code
c572c4a
@tusharpandey13
fix: use createHmac intead of createHash
0dbaffa
@tusharpandey13
docs: add readme for mfa example app
ec0d87b
@tusharpandey13
chore: lint
742724a
@tusharpandey13
chore: add AGENTS.md
b2f92e5
@tusharpandey13
Merge branch 'chore/agent-support' into feat/mfa-apis
7af2c3b
@tusharpandey13
feat: simplify mfa base implementation; move to a stateless design
e276681
@tusharpandey13
chore: fix tests and lint
dfb2467
@tusharpandey13
chore: remove irrelevant code
cfef8dd
@tusharpandey13
Merge branch 'feat/mfa-base' of https://github.com/auth0/nextjs-auth0
a02f859 
…into feat/mfa-apis
@tusharpandey13
feat: add types for mfa apis; move MfaContext type to types/mfa.ts file
db04501
@tusharpandey13
Merge branch 'main' of https://github.com/auth0/nextjs-auth0 into fea…
004c1dd 
…t/mfa-apis
@tusharpandey13
feat: add mfa api business logic + errors; update mfa types and const…
b4e1d0b 
…ants
@tusharpandey13
chore: remove irrelevant code; add return type for mfaVerify
30ae3e6
@tusharpandey13
feat: add server mfa client; update mfa business logic methods in aut…
6864537 
…h-client
@tusharpandey13
chore: lint
123b585
@tusharpandey13
feat: add mfa_token re-encryption in chained mfa usecase; move sessio…
ac7a1cf 
…n update logic to mfaVerify in auth-client, simplify impl
@tusharpandey13
chore: lint
4b56933
@tusharpandey13
feat: add final validation in mfaVerify
7278067
@tusharpandey13
feat: add mfa handlers; add mfa error handler helper
3ae876a
@tusharpandey13
feat: add mfa client helpers; refactor server mfa error handling
aab62e9
@tusharpandey13 tusharpandey13 requested a review from a team as a code owner January 26, 2026 19:54
@tusharpandey13 tusharpandey13 changed the title feat: MFA Apis feat: MFA APIs Jan 28, 2026
@tusharpandey13 tusharpandey13 mentioned this pull request Jan 28, 2026
Closed
gyaneshgouraw-okta
gyaneshgouraw-okta reviewed Jan 30, 2026
View reviewed changes
Comment thread src/client/mfa/index.ts Outdated
@tusharpandey13 tusharpandey13 marked this pull request as ready for review February 3, 2026 11:15
@tusharpandey13 tusharpandey13 changed the title feat: MFA APIs feat: [MFA PR 2/4] MFA APIs Feb 5, 2026
@tusharpandey13 tusharpandey13 changed the title feat: [MFA PR 2/4] MFA APIs feat: MFA APIs Feb 5, 2026
gyaneshgouraw-okta
gyaneshgouraw-okta reviewed Feb 6, 2026
View reviewed changes
Comment thread EXAMPLES.md
mfaToken,
authenticatorTypes: ["oob"],
oobChannels: ["email"],
email: "[email protected]"
Copy link
Copy Markdown
Contributor

@gyaneshgouraw-okta gyaneshgouraw-okta Feb 6, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@tusharpandey13 enrolment signatures are slightly different from spa

https://github.com/auth0/auth0-spa-js/blob/main/EXAMPLES.md?plain=1#L890

For enrolment we are not accepting oobChannels: ["email"], in array notation, rather a simplified factorType which internally calculates oobChannel.

You can refer the above code snippet.

Copy link
Copy Markdown
Contributor Author

@tusharpandey13 tusharpandey13 Feb 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I agree, factorType simplifies this flow.
Proposing to take this change in a separate PR.

@tusharpandey13
Copy link
Copy Markdown
Contributor Author

tusharpandey13 commented Feb 9, 2026

A change that adds support for factorType will be pushed in a separate PR, achieving this: #2502 (comment)

Base automatically changed from feat/mfa-base to main February 9, 2026 14:18
@tusharpandey13 tusharpandey13 dismissed gyaneshgouraw-okta’s stale review February 9, 2026 14:18

The base branch was changed.

@codecov-commenter
Copy link
Copy Markdown

codecov-commenter commented Feb 9, 2026

Codecov Report

❌ Patch coverage is 88.95881% with 193 lines in your changes missing coverage. Please review.
✅ Project coverage is 90.15%. Comparing base (ff863ed) to head (84cd0ca).

Files with missing lines Patch % Lines
src/server/auth-client.ts 86.19% 53 Missing ⚠️
src/server/mfa/server-mfa-client.ts 14.03% 49 Missing ⚠️
src/utils/mfa-transform-utils.ts 69.78% 42 Missing ⚠️
src/utils/mfa-validation-utils.ts 74.66% 14 Missing and 5 partials ⚠️
src/utils/mfa-utils.ts 67.56% 12 Missing ⚠️
src/client/mfa/index.ts 96.98% 6 Missing ⚠️
src/errors/mfa-errors.ts 96.21% 5 Missing ⚠️
src/server/client.ts 61.53% 5 Missing ⚠️
src/errors/oauth-errors.ts 98.50% 2 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #2502      +/-   ##
==========================================
- Coverage   90.98%   90.15%   -0.84%     
==========================================
  Files          40       51      +11     
  Lines        4916     6439    +1523     
  Branches     1024     1292     +268     
==========================================
+ Hits         4473     5805    +1332     
- Misses        437      623     +186     
- Partials        6       11       +5

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@tusharpandey13 tusharpandey13 merged commit af25d93 into main Feb 9, 2026
9 checks passed
@tusharpandey13 tusharpandey13 deleted the feat/mfa-apis branch February 9, 2026 14:38
@tusharpandey13 tusharpandey13 mentioned this pull request Feb 9, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@gyaneshgouraw-okta gyaneshgouraw-okta gyaneshgouraw-okta approved these changes

Assignees

No one assigned

Labels

mfa

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@tusharpandey13 @codecov-commenter @gyaneshgouraw-okta