feat: Implement MFA Step-Up for OAuth

2025-12-23 06:11:13 -05:00 · 2025-10-14 13:52:11 +00:00
parent 7aa219efe5
commit ccfa83faee
6 changed files with 225 additions and 9 deletions
--- a/src/pages/AuthCallback.tsx
+++ b/src/pages/AuthCallback.tsx
@@ -71,6 +71,33 @@ export default function AuthCallback() {
          }
        }

+        // Check if MFA step-up is required for OAuth users
+        if (isOAuthUser) {
+          console.log('[AuthCallback] Checking MFA requirements for OAuth user...');
+          
+          try {
+            const { data: factors } = await supabase.auth.mfa.listFactors();
+            const hasMfaEnrolled = factors?.totp?.some(f => f.status === 'verified');
+            
+            const { data: { currentLevel } } = await supabase.auth.mfa.getAuthenticatorAssuranceLevel();
+            
+            console.log('[AuthCallback] MFA status:', {
+              hasMfaEnrolled,
+              currentLevel,
+            });
+
+            if (hasMfaEnrolled && currentLevel === 'aal1') {
+              console.log('[AuthCallback] MFA step-up required, redirecting...');
+              sessionStorage.setItem('mfa_step_up_required', 'true');
+              navigate('/auth/mfa-step-up');
+              return;
+            }
+          } catch (error) {
+            console.error('[AuthCallback] Failed to check MFA status:', error);
+            // Continue anyway - don't block sign-in
+          }
+        }
+
        setStatus('success');
        
        // Show success message