feat: add My Account API support for managing MFA authentication method #835
utkrishtsahu wants to merge 3 commits into
| private const val MY_ACCOUNT_DELETE_AUTH_METHOD_METHOD = | ||
| "myAccount#deleteAuthenticationMethod" | ||
|
|
||
| class DeleteAuthenticationMethodRequestHandler : |
Is a final class required here?
| override fun onSuccess( | ||
| res: AuthenticationMethod | ||
| ) { | ||
| result.success(null) |
Is Flutter compatible with suspend functions?
| result.success(res.map { | ||
| mapOf( | ||
| "name" to it.type, | ||
| "enabled" to true |
Factor has type and usage. Don't we want to pass usage as well to Dart?
Agree, usage array should be returned
| result.success(res.map { | ||
| mapOf( | ||
| "name" to it.type, | ||
| "enabled" to true |
"enabled" : true. Should this be derived from the response?
| override fun onSuccess(res: List<Factor>) { | ||
| result.success(res.map { | ||
| mapOf( | ||
| "name" to it.type, |
Let's keep it as type only. It's not actually a name that's returned.
| result.success(res.map { | ||
| mapOf( | ||
| "name" to it.type, | ||
| "enabled" to true |
What exactly does this enabled represent? The API doesn't return an enabled property.
| request: MethodCallRequest, | ||
| result: MethodChannel.Result | ||
| ) { | ||
| client.getAuthenticationMethods() |
This API now supports a type parameter as input. Android PR is already up.
auth0/Auth0.Android#974
Both platforms will have this out by next week. Update accordingly
| override fun onSuccess( | ||
| res: AuthenticationMethod | ||
| ) { | ||
| result.success(null) |
Why is the success returning null here? Shouldn't the details from AuthenticationMethod type be returned here?
| val handler = myAccountRequestHandlers.find { it.method == call.method } | ||
| if (handler != null) { | ||
| val accessToken = request.data["accessToken"] as? String ?: "" | ||
| val client = MyAccountAPIClient(request.account, accessToken) |
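Review bot: on the `accessToken` line, a missing or non-string `accessToken` falls back to `""`, so `MyAccountAPIClient` is constructed with an empty token and the problem only shows up later as an API failure. Reject the call before building the client when the value is null or blank, and return an argument error through the method channel result so the Dart side can tell a caller bug from a server-side rejection.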
MyAccountAPIs support DPoP too. Ensure the client created can support DPoP also.
auth0/Auth0.Android#974
This PR adds the support for the same in Android
| put("_statusCode", exception.statusCode) | ||
| put("_errorFlags", mapOf( | ||
| "isNetworkError" to exception.isNetworkError, | ||
| )) |
The MyAccountException returns more info which actually represents what went wrong like title, detail etc. These help the customer know what went wrong and also help us debug when an issue arises. Currently the above map captures only the status code, which in itself is not helpful. Add the other properties too
| return buildMap { | ||
| put("id", id) | ||
| put("type", type) | ||
| put("created_at", createdAt) |
There is a usage property also.
| is PushNotificationAuthenticationMethod -> { | ||
| put("name", method.name) | ||
| } | ||
| else -> {} |
Passkey, Recovery code and Password are missing
| put("name", method.name) | ||
| } | ||
| is PushNotificationAuthenticationMethod -> { | ||
| put("name", method.name) |
The confirmed property is also missing, which is important to know whether an authentication method is verified or not
| put("recovery_code", challenge.recoveryCode) | ||
| } | ||
| is MfaEnrollmentChallenge -> {} | ||
| else -> {} |
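Review bot: the empty `is MfaEnrollmentChallenge -> {}` and `else -> {}` branches mean a challenge type this `when` does not handle is serialized without its type-specific fields and without any error, so the Dart caller cannot distinguish an unsupported challenge from a complete one. Make the `else` branch fail explicitly, or at least record the unhandled class, so new challenge types are caught in testing. Since `recovery_code` is a credential, keep this map out of any debug logging on either side of the channel.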
Oob enrollment challenge is missing
📋 Changes
Adds support for the Auth0 My Account API, enabling end-users to self-manage their MFA authentication methods without requiring Management API tokens.
New public API:
New types added:
Platform implementation:
Requires access tokens with audience https://{domain}/me/ and appropriate me scopes (read:me:authentication_methods, create:me:authentication_methods, delete:me:authentication_methods, read:me:factors).
📎 References
SDK-8730
🎯 Testing
Unit tests:
Manual testing:
Not tested: