Skip to content
Open
Show file tree
Hide file tree
Changes from 27 commits
Commits
Show all changes
31 commits
Select commit Hold shift + click to select a range
5f89815
chore(deps): bump @xmldom/xmldom from 0.8.12 to 0.8.13 (#1515)
dependabot[bot] Apr 23, 2026
3ce9438
feat(mfa): Implement Multi-Factor Authentication (MFA) support
subhankarmaiti Apr 23, 2026
2010789
chore(deps): bump fast-xml-parser from 5.5.9 to 5.7.1 (#1518)
dependabot[bot] Apr 23, 2026
a370fab
chore(deps): upgrade transitive dependencies to latest versions (#1516)
subhankarmaiti Apr 23, 2026
099ace3
feat(mfa): Refactor MFA handling by introducing MfaBridge for better …
subhankarmaiti Apr 23, 2026
f6f2690
Release v5.5.1 (#1519)
subhankarmaiti Apr 23, 2026
569a558
Merge branch 'master' into feat/flexible-factors-grant-support
subhankarmaiti Apr 27, 2026
bf083ad
docs: add Expo callback URL format to README (#1522)
subhankarmaiti Apr 27, 2026
714794d
Merge branch 'master' into feat/flexible-factors-grant-support
subhankarmaiti Apr 28, 2026
ace2e96
feat(mfa): Refactor MFA handling and improve user experience
subhankarmaiti Apr 29, 2026
f24bcbe
feat(mfa): Refactor MFA factor handling and enhance enrollment process
subhankarmaiti May 4, 2026
8301986
Merge branch 'master' of https://github.com/auth0/react-native-auth0 …
subhankarmaiti May 18, 2026
11d2dad
Merge branch 'master' of https://github.com/auth0/react-native-auth0 …
subhankarmaiti May 20, 2026
4c0ba32
feat(mfa): enhance factor type mapping for MFA authenticators
subhankarmaiti May 25, 2026
2f90b80
feat(mfa): implement MFA flow with authenticator selection and challe…
subhankarmaiti May 25, 2026
ca207d0
fix: support runtime tenant/domain switching
subhankarmaiti Jun 11, 2026
063efdc
Merge branch 'master' of https://github.com/auth0/react-native-auth0 …
subhankarmaiti Jun 19, 2026
d48c6b5
feat: implement config signature for client identity management and u…
subhankarmaiti Jun 23, 2026
b387c65
feat: add credentialsManagerStorageKey to support multi-tenant domain…
subhankarmaiti Jun 23, 2026
bf0567e
docs: update EXAMPLES.md to clarify tenant credential isolation and u…
subhankarmaiti Jun 23, 2026
3a2c0ec
Merge branch 'master' of https://github.com/auth0/react-native-auth0 …
subhankarmaiti Jun 23, 2026
66dbea0
feat: add SimpleKeychain dependency and enhance credential management…
subhankarmaiti Jun 23, 2026
3ecfddd
chore: add React Native 0.86 support and upgrade dependencies
subhankarmaiti Jun 23, 2026
442d1af
Merge branch 'chore/upgrade-react-native-0.86' of https://github.com/…
subhankarmaiti Jun 24, 2026
9d26afc
Merge branch 'master' of https://github.com/auth0/react-native-auth0 …
subhankarmaiti Jun 24, 2026
23434ac
chore: remove unused path-expression-matcher dependency from yarn.lock
subhankarmaiti Jun 24, 2026
900f7a3
feat: add support for flexible MFA factor types and push notifications
subhankarmaiti Jun 25, 2026
f86999f
docs: update comment for handling OOB code in MFA example
subhankarmaiti Jun 25, 2026
e8a1a09
Merge branch 'master' of https://github.com/auth0/react-native-auth0 …
subhankarmaiti Jun 25, 2026
6d7f4f1
Merge branch 'master' of https://github.com/auth0/react-native-auth0 …
subhankarmaiti Jun 29, 2026
073115e
feat(mfa): enhance MFA functionality with scope and audience support
subhankarmaiti Jun 29, 2026
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions .github/workflows/release.yml
Original file line number Diff line number Diff line change
Expand Up @@ -43,8 +43,8 @@ jobs:
- name: Run RL Scanner
uses: auth0/devsecops-tooling/.github/actions/rl-scan@e29f26478db18ff0bcbe4bc447a8fbd54fbeec9e # main on 2026-06-09, TODO: use a release instead
with:
artifact-name: "react-native-auth0"
artifact-path: "${{ github.workspace }}/react-native-auth0.tgz"
artifact-name: 'react-native-auth0'
artifact-path: '${{ github.workspace }}/react-native-auth0.tgz'
version: ${{ steps.get_version.outputs.version }}
RLSECURE_LICENSE: ${{ secrets.RLSECURE_LICENSE }}
RLSECURE_SITE_KEY: ${{ secrets.RLSECURE_SITE_KEY }}
Expand Down
6 changes: 5 additions & 1 deletion CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,28 +1,32 @@
# Change Log

## [v5.7.0](https://github.com/auth0/react-native-auth0/tree/v5.7.0) (2026-06-01)

[Full Changelog](https://github.com/auth0/react-native-auth0/compare/v5.6.0...v5.7.0)

**Added**

- feat: Add My Account API support for managing authentication methods [\#1552](https://github.com/auth0/react-native-auth0/pull/1552) ([subhankarmaiti](https://github.com/subhankarmaiti))
- feat: add passkeys support for signup and signin [\#1530](https://github.com/auth0/react-native-auth0/pull/1530) ([subhankarmaiti](https://github.com/subhankarmaiti))

**Fixed**

- fix: fixing incorrectly created CHANGELOG.md [\#1539](https://github.com/auth0/react-native-auth0/pull/1539) ([nandan-bhat](https://github.com/nandan-bhat))

## [5.6.0](https://github.com/auth0/react-native-auth0/tree/v5.6.0) (2026-05-14)

[Full Changelog](https://github.com/auth0/react-native-auth0/compare/v5.5.1...v5.6.0)

**Added**

- feat: surface DPoP credential state errors from native SDKs [\#1529](https://github.com/auth0/react-native-auth0/pull/1529) ([@subhankarmaiti](https://github.com/subhankarmaiti))
- feat(android): expose allowedBrowserPackages option for web authentication [\#1513](https://github.com/auth0/react-native-auth0/pull/1513) ([@mrbrentkelly](https://github.com/mrbrentkelly))

**Fixed**

- fix: apply deepCamelCase to MFA challenge response [\#1510](https://github.com/auth0/react-native-auth0/pull/1510) ([@AkhtarZaman7](https://github.com/AkhtarZaman7))
- docs: add Expo callback URL format to README [\#1522](https://github.com/auth0/react-native-auth0/pull/1522) ([@subhankarmaiti](https://github.com/subhankarmaiti))


## [v5.5.1](https://github.com/auth0/react-native-auth0/tree/v5.5.1) (2026-04-23)

[Full Changelog](https://github.com/auth0/react-native-auth0/compare/v5.5.0...v5.5.1)
Expand Down
129 changes: 121 additions & 8 deletions EXAMPLES-WEB.md
Original file line number Diff line number Diff line change
Expand Up @@ -158,14 +158,127 @@ const App = () => {
};
```

## Unsupported Web Features
## 3. MFA Flexible Factors Grant (Web)

For security reasons, the web platform **does not support** direct authentication grants. The following methods from the `auth` provider will throw a `NotImplemented` error:
The MFA Flexible Factors Grant is fully supported on the web platform. It uses the `@auth0/auth0-spa-js` MFA API under the hood.

- `auth.passwordRealm()`
- `auth.loginWithOTP()`
- `auth.loginWithSMS()`
- `auth.loginWithEmail()`
- `auth.refreshToken()`
### Using MFA with Hooks

All these flows should be configured in your [Auth0 Universal Login](https://auth0.com/docs/universal-login) page and initiated via the `authorize()` method.
```tsx
import React, { useState } from 'react';
import { View, Button, TextInput, Text } from 'react-native';
import { useAuth0, MfaError, MfaErrorCodes } from 'react-native-auth0';

function MfaScreen({ mfaToken }: { mfaToken: string }) {
const { mfa } = useAuth0();
const [otp, setOtp] = useState('');

const listAuthenticators = async () => {
try {
const authenticators = await mfa.getAuthenticators({ mfaToken });
console.log('Authenticators:', authenticators);
} catch (error) {
if (error instanceof MfaError) {
console.error('MFA error:', error.type, error.message);
}
}
};

const enrollTotp = async () => {
try {
const challenge = await mfa.enroll({ mfaToken, factorType: 'otp' });
if (challenge.type === 'totp') {
console.log('Scan QR:', challenge.barcodeUri);
console.log('Secret:', challenge.secret);
}
} catch (error) {
if (error instanceof MfaError) {
console.error('Enrollment error:', error.type);
}
}
};

const verifyOtp = async () => {
try {
const credentials = await mfa.verify({ mfaToken, otp });
console.log('Authenticated!', credentials.accessToken);
} catch (error) {
if (error instanceof MfaError) {
switch (error.type) {
case MfaErrorCodes.INVALID_OTP:
console.log('Incorrect code');
break;
case MfaErrorCodes.TOO_MANY_ATTEMPTS:
console.log('Too many attempts');
break;
case MfaErrorCodes.EXPIRED_MFA_TOKEN:
console.log('Session expired');
break;
}
}
}
};

return (
<View>
<Button title="List Authenticators" onPress={listAuthenticators} />
<Button title="Enroll TOTP" onPress={enrollTotp} />
<TextInput placeholder="Enter OTP" value={otp} onChangeText={setOtp} />
<Button title="Verify" onPress={verifyOtp} />
</View>
);
}
```

### Using MFA with Auth0 Class

```typescript
import Auth0, { MfaError, MfaErrorCodes } from 'react-native-auth0';

const auth0 = new Auth0({
domain: 'YOUR_AUTH0_DOMAIN',
clientId: 'YOUR_AUTH0_CLIENT_ID',
});

// List authenticators
const authenticators = await auth0.mfa.getAuthenticators({
mfaToken: 'mfa_token',
});

// Enroll TOTP
const challenge = await auth0.mfa.enroll({
mfaToken: 'mfa_token',
factorType: 'otp',
});

// Enroll SMS
const smsChallenge = await auth0.mfa.enroll({
mfaToken: 'mfa_token',
factorType: 'sms',
phoneNumber: '+12025550135',
});

// Enroll push notification (Auth0 Guardian) — web returns barcodeUri + oobCode
const pushChallenge = await auth0.mfa.enroll({
mfaToken: 'mfa_token',
factorType: 'push',
});

// Challenge an authenticator
const challengeResult = await auth0.mfa.challenge({
mfaToken: 'mfa_token',
authenticatorId: 'sms|dev_123',
});

// Verify OTP
const credentials = await auth0.mfa.verify({
mfaToken: 'mfa_token',
otp: '123456',
});
```

## Web Platform Notes

The web platform supports direct authentication grants including `auth.passwordRealm()`, `auth.createUser()`, `auth.resetPassword()`, and the MFA Flexible Factors Grant. These methods make direct HTTP calls to the Auth0 API.

Token refresh is handled automatically by `credentialsManager.getCredentials()` on the web. The `auth.refreshToken()` method is not available.
Loading
Loading