MFA Customization / Flexible Factor Selection Not Compatible with the Non-Interactive Flows

Overview

The following error may appear in the tenant logs when the Flexible Factor Selection feature is used with the Resource Owner Password flow or other unsupported flows:

MFA required. The post login MFA commands are not compatible with the non-interactive flows.

The Flexible Factor Selection is triggered by an Action with these two methods:
  • api.authentication.challengeWith(factor, options)
  • api.authentication.challengeWithAny(factors)
It's documented here:

Cause

As per the article Customize MFA Selection in New Universal Login, this customization is only available in the New Universal Login Experience.

Solution

Unfortunately, the Flexible Factor Selection feature is not currently available for WS-Fed, SAML, or non-interactive flows (including the ROPG flow).

The workaround is to suppress the MFA for such flows or trigger the normal MFA, e.g.:
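exports.onExecutePostLogin = async (event, api) => {
  if (event.transaction?.protocol === 'oauth2-resource-owner') {
    // ROPG is non-interactive: use the normal MFA trigger.
    api.multifactor.enable(provider, options);
  } else {
    // Other flows can use Flexible Factor Selection.
    api.authentication.challengeWith(factor, options);
  }
};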
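
A fail-safe variant of the workaround, as an added example that is not part of the original article or Auth0's own code: rather than listing unsupported protocols, it allowlists the protocols assumed to be interactive and sends everything else (ROPG, SAML, WS-Fed, missing or unknown values) to the normal MFA trigger. The allowlist contents, the `routeMfa` helper name and the factor choices are assumptions.

```javascript
// Added example, not Auth0's own code. Assumption: only these
// event.transaction.protocol values are treated as interactive logins
// that can run the Flexible Factor Selection commands.
const FLEXIBLE_MFA_PROTOCOLS = new Set([
  'oidc-basic-profile',
  'oidc-implicit-profile',
  'oidc-hybrid-profile',
]);

// Picks the MFA command for this transaction and returns the path taken
// ('flexible' or 'standard') so the routing can be tested and logged.
function routeMfa(event, api) {
  const protocol = event.transaction ? event.transaction.protocol : undefined;

  if (FLEXIBLE_MFA_PROTOCOLS.has(protocol)) {
    // Constructed factor choice: OTP first, recovery code as alternative.
    api.authentication.challengeWith(
      { type: 'otp' },
      { additionalFactors: [{ type: 'recovery-code' }] }
    );
    return 'flexible';
  }

  // ROPG, SAML, WS-Fed, and any missing or unrecognized protocol fall back
  // to the normal MFA trigger, so MFA is never silently skipped.
  api.multifactor.enable('any', { allowRememberBrowser: false });
  return 'standard';
}

const onExecutePostLogin = async (event, api) => {
  const path = routeMfa(event, api);
  console.log(`MFA path=${path} protocol=${event.transaction?.protocol}`);
};

// Export only when loaded as a CommonJS module (as in an Action).
if (typeof module !== 'undefined') {
  module.exports = { onExecutePostLogin };
}
```

Logging the chosen path per protocol makes it possible to confirm from the tenant logs that no flow reaches the incompatible command.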
