Skip to content

feat: expose optional-MFA-with-skip, passkey-MFA, and is_mfa_enforced fields#45

Open
lakhansamani wants to merge 8 commits into
mainfrom
feat/enforce-mfa-passkey-gate
Open

feat: expose optional-MFA-with-skip, passkey-MFA, and is_mfa_enforced fields#45
lakhansamani wants to merge 8 commits into
mainfrom
feat/enforce-mfa-passkey-gate

Conversation

@lakhansamani

Copy link
Copy Markdown
Contributor

Summary

SDK support for the backend's MFA work (see authorizerdev/authorizer#685):

  • skipMfaSetup(), should_offer_mfa_setup, has_skipped_mfa_setup_at — optional MFA setup with skip.
  • should_offer_webauthn_mfa_verify on AuthResponse — passkey as a second MFA factor. loginWithPasskey(email) (already shipped) is reused as-is for the verify step; no new SDK methods needed.
  • is_mfa_enforced on Meta — lets authorizer-react hide the primary passkey-login button when the org enforces MFA.
  • A querySync test that asserts every Meta/AuthResponse interface field is actually selected in the corresponding GraphQL query string (and vice versa) — added after two of the fields above shipped with a type but no matching query selection, silently making them dead on arrival. Type-checking alone can't catch this class of bug since the interface and the query string are independent.

Version: 3.3.0-rc.1 → 3.6.0-rc.0.

Test plan

  • npm run build clean (CJS/ESM/DTS)
  • __test__/querySync.test.ts — confirmed it catches drift in both directions by deliberately breaking sync and watching it fail, then restoring
  • Full npm run test suite — all suites pass except one pre-existing, unrelated failure in index.test.ts (testcontainers-based integration tests), confirmed present on the base commit before any of this work via a side-by-side worktree comparison — not a regression from this PR

Nested worktree under authorizer-js/ let ESLint cascade into the
parent repo's .eslintrc.js, resolving @typescript-eslint/eslint-plugin
from two node_modules trees and failing with an ambiguous-plugin error.
…aSetup()

Bump 3.4.0-rc.0. skipMfaSetup mirrors deactivateAccount's authenticated
dispatch shape (headers passthrough), not resendOtp's unauthenticated one,
since it dismisses the current user's own MFA setup prompt.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant