In AuthAPI.java, there is the addOobAuthenticator function, which allows a user to add a new OOB authenticator for MFA. This function has a parameter for users to pass in a list of OOB channels. "Email" is a valid OOB channel that can be passed in (Auth0 doc). However, the function only has logic/parameters to handle SMS/Voice enrollment with a phone number. There is no logic for email addresses, so we are unable to enroll email OOB authenticators via this method.
Describe the ideal solution
Allow enrolling MFA OOB Authenticators via the email channel. It would require another parameter for the email address, and, if it's present, adding it to an "email" request parameter. The same Auth0 endpoint would be used. Not sure if you would want to split the methods between SMS/Voice and email channels, but if so:
Checklist
Describe the problem you'd like to have solved
In AuthAPI.java, there is the addOobAuthenticator function, which allows a user to add a new OOB authenticator for MFA. This function has a parameter for users to pass in a list of OOB channels. "Email" is a valid OOB channel that can be passed in (Auth0 doc). However, the function only has logic/parameters to handle SMS/Voice enrollment with a phone number. There is no logic for email addresses, so we are unable to enroll email OOB authenticators via this method.
Describe the ideal solution
Allow enrolling MFA OOB Authenticators via the email channel. It would require another parameter for the email address, and, if it's present, adding it to an "email" request parameter. The same Auth0 endpoint would be used. Not sure if you would want to split the methods between SMS/Voice and email channels, but if so:
Alternatives and current workarounds
No response
Additional context
No response