port: MFA getAuthenticators type-filtering + TOTP field mapping to v4#1006
Merged
Conversation
|
Important Review skippedAuto reviews are disabled on base/target branches other than the default branch. Please check the settings in the CodeRabbit UI or the ⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Plus Run ID: You can disable this status message by setting the Use the checkbox below for a quick retry:
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
utkrishtsahu
approved these changes
Jul 8, 2026
NandanPrabhu
approved these changes
Jul 8, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Ports PR #998 (two related MFA fixes, merged to
main) intov4_development, following the feature-by-feature port model. Same 4-file scope as #998; hunks hand-applied onto v4's structure.1.
getAuthenticators— filter onAuthenticator.type(exact match)MfaApiClient.getAuthenticators(factorsAllowed)now filters by comparing eachAuthenticator.typedirectly againstfactorsAllowed(exact, case-sensitive), replacing the previousoob_channel/authenticator_type"effective type" derivation.matchesFactorType(...)andgetEffectiveType(...).sms,oob) must now pass the resolvedtypevalue (e.g.phone). The values map one-to-one toMfaFactor.typefromMfaRequirements.2.
TotpEnrollmentChallenge— correct field mapping for/mfa/associateid/authSessionnullable and addedauthenticatorType,secret,recoveryCodes, so a single class deserializes both/mfa/associate(ROPG MFA) and/authentication-methods(My Account).id/authSessionwere declared non-null but arrivenullfrom/mfa/associate) and stops silently droppingsecret/recovery_codes.Docs
EXAMPLES.md: MFA factor examples updated (sms→phone) and TOTP enroll snippets readsecret(notmanualInputCode) and showrecoveryCodes, for both Kotlin and Java.Test plan
./gradlew :auth0:testDebugUnitTest --tests "com.auth0.android.authentication.MfaApiClientTest"— 58 tests green (fixtures updated to type-based matching +/mfa/associateTOTP shape):auth0suite —./gradlew :auth0:testDebugUnitTest— all green; MyAccountAPIClientTest (42) confirms the sharedTotpEnrollmentChallengechange does not regress the My Account TOTP flow