CityOfLosAngeles / angeleno-my-account

App that allows Angeleno Account holders to update their profile, password, MFA, and app consent.
MIT License

Implement Advanced Security Screen #45

Open cbhernan opened 9 months ago

cbhernan commented 9 months ago

Problem

There's nothing in Advanced Security.

Background info

There's an Advanced Security screen which shows users MFA methods and if they're enabled, while allowing them to register for a listed option.

Screenshot 2023-09-27 131536

Proposed Solution

We need to implement something similar on our project.

Resources

- MFA Overview
- Enable MFA via Auth0 Flow
- Configure SMS and Voice Notifications for MFA
- Supported MFA Options

API Specific

- Auth0 MFA API Intro and Limitations
- MFA API Endpoints
- Manage Authentication Factors with Authentication API
- Create an authentication method via API

cbhernan commented 7 months ago

This is what the flow looks like if Phone Message is enabled via the UI in Security > MFA.

This flow occurs on successful login when the user does not have it enabled:

Prompt to enable: Screenshot 2023-12-07 140709

Next screen: Screenshot 2023-12-07 141420

Subsequent logins: Screenshot 2023-12-07 140920

cbhernan commented 2 months ago

This is blocked by testing for Voice, which can only be done once we have Twilio credentials, which we're waiting on an agreement for.