Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for adding an MFA OOB Authenticator via the Email channel #603

Open
5 tasks done
mikeholovka opened this issue Jan 9, 2024 · 0 comments
Open
5 tasks done

Add support for adding an MFA OOB Authenticator via the Email channel #603

mikeholovka opened this issue Jan 9, 2024 · 0 comments
Labels
feature request A feature has been asked for or suggested by the community

Comments

@mikeholovka
Copy link

Checklist

  • I have looked into the Readme and Examples, and have not found a suitable solution or answer.
  • I have looked into the API documentation and have not found a suitable solution or answer.
  • I have searched the issues and have not found a suitable solution or answer.
  • I have searched the Auth0 Community forums and have not found a suitable solution or answer.
  • I agree to the terms within the Auth0 Code of Conduct.

Describe the problem you'd like to have solved

In AuthAPI.java, there is the addOobAuthenticator function, which allows a user to add a new OOB authenticator for MFA. This function has a parameter for users to pass in a list of OOB channels. "Email" is a valid OOB channel that can be passed in (Auth0 doc). However, the function only has logic/parameters to handle SMS/Voice enrollment with a phone number. There is no logic for email addresses, so we are unable to enroll email OOB authenticators via this method.

Describe the ideal solution

Allow enrolling MFA OOB Authenticators via the email channel. It would require another parameter for the email address, and, if it's present, adding it to an "email" request parameter. The same Auth0 endpoint would be used. Not sure if you would want to split the methods between SMS/Voice and email channels, but if so:

  public Request<CreatedOobResponse> addEmailOobAuthenticator(String mfaToken, String emailAddress) {
      Asserts.assertNotNull(mfaToken, "mfa token");

      String url = baseUrl
          .newBuilder()
          .addPathSegment("mfa")
          .addPathSegment("associate")
          .build()
          .toString();

      BaseRequest<CreatedOobResponse> request = new BaseRequest<>(client, null, url, HttpMethod.POST, new TypeReference<CreatedOobResponse>() {
      });

      request.addParameter("authenticator_types", Collections.singletonList("oob"));
      request.addParameter("oob_channels", Collections.singletonList("email"));
      request.addParameter(KEY_CLIENT_ID, clientId);
      if (emailAddress != null) {
          request.addParameter("email", emailAddress);
      }
      addClientAuthentication(request, false);
      request.addHeader("Authorization", "Bearer " + mfaToken);
      return request;
  }

Alternatives and current workarounds

No response

Additional context

No response
@mikeholovka mikeholovka added the feature request A feature has been asked for or suggested by the community label Jan 9, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
feature request A feature has been asked for or suggested by the community
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@mikeholovka