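/**
 * Auth0 Rule: request an MFA challenge for logins into selected organizations.
 *
 * Sets `context.multifactor` when all of the following hold:
 *   - the login targets an organization listed in `enforceMfaForOrgs`,
 *   - the user has at least one enrolled MFA factor (`user.multifactor`),
 *   - the current session has not already recorded an `mfa` method.
 *
 * @param {object} user - Auth0 user profile; `user.multifactor` is read.
 * @param {object} context - Auth0 rule context; `organization` and
 *   `authentication.methods` are read and `multifactor` may be written.
 * @param {function} callback - Rule continuation, always invoked as
 *   `callback(null, user, context)`.
 */
function requireMfa(user, context, callback) {
  // Context object ref: https://auth0.com/docs/customize/rules/context-object
  // Sample organization IDs; replace them with the organizations that must use MFA.
  const enforceMfaForOrgs = ['id_org1', 'id_org2'];
  const organizationId = context.organization && context.organization.id;
  const shouldPromptMfa =
    Boolean(organizationId) && enforceMfaForOrgs.includes(organizationId);

  // It only makes sense to prompt for MFA when the user has at least one
  // enrolled MFA factor.
  // NOTE(review): as a consequence, a user in an enforced organization who has
  // no enrolled factor passes this rule without any MFA challenge. Confirm that
  // enrollment is enforced elsewhere, otherwise the organization policy can be
  // sidestepped by never enrolling.
  const userEnrolledFactors = user.multifactor || [];
  const canPromptMfa = userEnrolledFactors.length > 0;

  // This prompts the user only once per session. More conditions can be added,
  // such as requiring MFA again every 60 minutes; see the timestamp information
  // under context.authentication.
  // Ref: https://auth0.com/docs/customize/rules/context-object
  //
  // A missing `authentication` object or `methods` array is treated as
  // "MFA not completed", so the rule prompts instead of throwing a TypeError.
  const sessionMethods =
    context.authentication && Array.isArray(context.authentication.methods)
      ? context.authentication.methods
      : [];
  const completedMfa = sessionMethods.some(
    (method) => Boolean(method) && method.name === 'mfa'
  );

  if (!completedMfa && shouldPromptMfa && canPromptMfa) {
    context.multifactor = {
      provider: 'any',
      // Ensure that we prompt for MFA even if the end user has chosen to
      // remember the browser.
      allowRememberBrowser: false
    };
  }

  callback(null, user, context);
}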