Vitalii Obideiko
Reputation: 1943
Auth0: Conditional multi-factor rule removes permissions from JWT
For some reason enabling MFA (sms code) removes permissions from JWT (access token). I have checked the setup a few times and all seems to be OK, but for the same account without MFA a permissions presented in JWT, with enabled MFA - no. (I do not using webauth)
I have found this 3 topics:
- Access token is missing permissions when using MFA
- Permissions not included in access token for MFA flow
- Conditional multi-factor rule removes permissions from JWT
And I think we have the same kind of problem (there is no answer by links).
Code of rule looks like this:
const userEnrolledFactors = user.multifactor || [];
const canPromptMfa = userEnrolledFactors.length > 0;
if(canPromptMfa) {
context.multifactor = {
provider: "any",
allowRememberBrowser: false,
};
}
Upvotes: 1
Views: 196
Answers (1)
Vitalii Obideiko
Reputation: 1943
Issue was on Auth0 side. And now it have been fixed on their side
Upvotes: 1
Related Questions
- Auth0. How to get user's permissions in access token?
- Auth0 React SPA incorrect access token for API
- useAuth0().user doesn't show the user Roles
- Auth0 Authentication API with React Native
- Auth0 silent auth not working on mobile, works fine elsewhere
- react-native-permissions returning RNPermissions null in react-native expo project
- Auth0 Rule Not Working w/ API Call from React Native App
- Auth0 ignores scope option
- Role-dependent user login
- react native app auth - How to make scopes as optional?