This repo is a reproduction of the MFA + refresh tokens error for auth0-react
library.
- Create new tenant
- Create M2M application
cp auth0/config.example.json auth0/config.json
and add M2M app credentials to it- Run
yarn auth0:import
to re-create tenant from this repo
- Create SPA app
- Enable OTP MFA in Security settings
- Create custom API, enable refresh tokens, set lifetime of token to short duration
yarn install
yarn dev
to start Next appyarn dev:server
to start Express API
- Sign up to app and login
- With network tab open, click "Make API Call" button in app (this should work fine since MFA isn't enabled yet)
- Go to Auth0 dashboard and update the user's metadata to
{ "useMFA": true }
- Logout user, log back in, setup MFA
- Wait 10 seconds for token to expire (see
tenant.yaml
) - Click "Make API Call" (this should throw a
Error: MFA Required
error)