auth0/auth0-java

Add support for adding an MFA OOB Authenticator via the Email channel

mikeholovka opened this issue · 0 comments

Checklist

  • I have looked into the Readme and Examples, and have not found a suitable solution or answer.
  • I have looked into the API documentation and have not found a suitable solution or answer.
  • I have searched the issues and have not found a suitable solution or answer.
  • I have searched the Auth0 Community forums and have not found a suitable solution or answer.
  • I agree to the terms within the Auth0 Code of Conduct.

Describe the problem you'd like to have solved

In AuthAPI.java, there is the addOobAuthenticator function, which allows a user to add a new OOB authenticator for MFA. This function has a parameter for users to pass in a list of OOB channels. "Email" is a valid OOB channel that can be passed in (Auth0 doc). However, the function only has logic/parameters to handle SMS/Voice enrollment with a phone number. There is no logic for email addresses, so we are unable to enroll email OOB authenticators via this method.

Describe the ideal solution

Allow enrolling MFA OOB Authenticators via the email channel. It would require another parameter for the email address, and, if it's present, adding it to an "email" request parameter. The same Auth0 endpoint would be used. Not sure if you would want to split the methods between SMS/Voice and email channels, but if so:

  public Request<CreatedOobResponse> addEmailOobAuthenticator(String mfaToken, String emailAddress) {
      Asserts.assertNotNull(mfaToken, "mfa token");

      String url = baseUrl
          .newBuilder()
          .addPathSegment("mfa")
          .addPathSegment("associate")
          .build()
          .toString();

      BaseRequest<CreatedOobResponse> request = new BaseRequest<>(client, null, url, HttpMethod.POST, new TypeReference<CreatedOobResponse>() {
      });

      request.addParameter("authenticator_types", Collections.singletonList("oob"));
      request.addParameter("oob_channels", Collections.singletonList("email"));
      request.addParameter(KEY_CLIENT_ID, clientId);
      if (emailAddress != null) {
          request.addParameter("email", emailAddress);
      }
      addClientAuthentication(request, false);
      request.addHeader("Authorization", "Bearer " + mfaToken);
      return request;
  }

Alternatives and current workarounds

No response

Additional context

No response