Skip to content

port: MFA getAuthenticators type-filtering + TOTP field mapping to v4#1006

Merged
pmathew92 merged 1 commit into
v4_developmentfrom
port/998-mfa-getauthenticators
Jul 8, 2026
Merged

port: MFA getAuthenticators type-filtering + TOTP field mapping to v4#1006
pmathew92 merged 1 commit into
v4_developmentfrom
port/998-mfa-getauthenticators

Conversation

@pmathew92

Copy link
Copy Markdown
Contributor

Summary

Ports PR #998 (two related MFA fixes, merged to main) into v4_development, following the feature-by-feature port model. Same 4-file scope as #998; hunks hand-applied onto v4's structure.

1. getAuthenticators — filter on Authenticator.type (exact match)

  • MfaApiClient.getAuthenticators(factorsAllowed) now filters by comparing each Authenticator.type directly against factorsAllowed (exact, case-sensitive), replacing the previous oob_channel/authenticator_type "effective type" derivation.
  • Removed the private helpers matchesFactorType(...) and getEffectiveType(...).
  • No endpoint or public signature change — internal filtering behavior only.
  • Behavioral change: callers passing channel-level/wildcard values (sms, oob) must now pass the resolved type value (e.g. phone). The values map one-to-one to MfaFactor.type from MfaRequirements.

2. TotpEnrollmentChallenge — correct field mapping for /mfa/associate

  • Made id/authSession nullable and added authenticatorType, secret, recoveryCodes, so a single class deserializes both /mfa/associate (ROPG MFA) and /authentication-methods (My Account).
  • Fixes a null-safety bypass (id/authSession were declared non-null but arrive null from /mfa/associate) and stops silently dropping secret/recovery_codes.
  • My Account TOTP flow unaffected — its fields still map identically; the change only loosens nullability and adds fields.

Docs

  • EXAMPLES.md: MFA factor examples updated (smsphone) and TOTP enroll snippets read secret (not manualInputCode) and show recoveryCodes, for both Kotlin and Java.

Test plan

  • ./gradlew :auth0:testDebugUnitTest --tests "com.auth0.android.authentication.MfaApiClientTest" — 58 tests green (fixtures updated to type-based matching + /mfa/associate TOTP shape)
  • Full :auth0 suite — ./gradlew :auth0:testDebugUnitTest — all green; MyAccountAPIClientTest (42) confirms the shared TotpEnrollmentChallenge change does not regress the My Account TOTP flow

@pmathew92 pmathew92 requested a review from a team as a code owner July 8, 2026 10:15
@coderabbitai

coderabbitai Bot commented Jul 8, 2026

Copy link
Copy Markdown

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: 8cde9fb4-b4d1-4ee1-9e21-d8f40021534e

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch port/998-mfa-getauthenticators

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@pmathew92 pmathew92 merged commit 1470b68 into v4_development Jul 8, 2026
7 checks passed
@pmathew92 pmathew92 deleted the port/998-mfa-getauthenticators branch July 8, 2026 11:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants