feat: implement MFA methods related tests

Author: gyaneshgouraw-okta

EXAMPLES.md

@@ -902,39 +902,20 @@ const { mfa } = useAuth0();
 const authenticators = await mfa.getAuthenticators(mfaToken);
 
 // For OTP: Challenge is OPTIONAL - code already available in authenticator app
-// Skip directly to verify() with the 6-digit code
-
-// For SMS: Challenge REQUIRED to send code
-const smsResponse = await mfa.challenge({
-  mfaToken,
-  challengeType: 'sms',
-  authenticatorId: authenticators[0].id
-});
-console.log('OOB Code:', smsResponse.oobCode);  // SMS sent to phone
-
-// For Voice: Challenge REQUIRED to initiate call
-const voiceResponse = await mfa.challenge({
+// Skip directly to verify() with the 6-digit code, or optionally challenge with:
+const otpResponse = await mfa.challenge({
   mfaToken,
-  challengeType: 'voice',
+  challengeType: 'otp',
   authenticatorId: authenticators[0].id
 });
-console.log('OOB Code:', voiceResponse.oobCode);  // Voice call initiated
 
-// For Email: Challenge REQUIRED to send email
-const emailResponse = await mfa.challenge({
+// For SMS/Voice/Email/Push: Challenge REQUIRED to send code (use 'oob' type)
+const oobResponse = await mfa.challenge({
   mfaToken,
-  challengeType: 'email',
-  authenticatorId: authenticators[0].id
-});
-console.log('OOB Code:', emailResponse.oobCode);  // Email sent
-
-// For Push: Challenge REQUIRED to send notification
-await mfa.challenge({
-  mfaToken,
-  challengeType: 'push',
-  authenticatorId: authenticators[0].id
+  challengeType: 'oob',  // Use 'oob' for all out-of-band authenticators
+  authenticatorId: authenticators[0].id  // ID of SMS/Voice/Email/Push authenticator
 });
-// Push notification sent to Guardian app
+console.log('OOB Code:', oobResponse.oobCode);  // Code sent via SMS/Voice/Email/Push
 ```
 
 ### Verifying Challenges

__mocks__/@auth0/auth0-spa-js.tsx

@@ -20,6 +20,11 @@ const setDpopNonce = jest.fn();
 const generateDpopProof = jest.fn();
 const createFetcher = jest.fn();
 const getConfiguration = jest.fn();
+const mfaGetAuthenticators = jest.fn(() => Promise.resolve([]));
+const mfaEnroll = jest.fn(() => Promise.resolve({ id: 'test-id', barcodeUri: 'test-uri', recoveryCodes: [] }));
+const mfaChallenge = jest.fn(() => Promise.resolve({ challengeType: 'otp', oobCode: null }));
+const mfaVerify = jest.fn(() => Promise.resolve({ access_token: 'test-token', id_token: 'test-id-token' }));
+const mfaGetEnrollmentFactors = jest.fn(() => Promise.resolve([]));
 
 export const Auth0Client = jest.fn(() => {
   return {
@@ -43,7 +48,21 @@ export const Auth0Client = jest.fn(() => {
     generateDpopProof,
     createFetcher,
     getConfiguration,
+    mfa: {
+      getAuthenticators: mfaGetAuthenticators,
+      enroll: mfaEnroll,
+      challenge: mfaChallenge,
+      verify: mfaVerify,
+      getEnrollmentFactors: mfaGetEnrollmentFactors,
+    },
   };
 });
 
-export const ResponseType = actual.ResponseType;
+export const ResponseType = actual.ResponseType;
+
+export const MfaError = actual.MfaError;
+export const MfaListAuthenticatorsError = actual.MfaListAuthenticatorsError;
+export const MfaEnrollmentError = actual.MfaEnrollmentError;
+export const MfaChallengeError = actual.MfaChallengeError;
+export const MfaVerifyError = actual.MfaVerifyError;
+export const MfaEnrollmentFactorsError = actual.MfaEnrollmentFactorsError;

__tests__/mfa.test.tsx

@@ -0,0 +1,96 @@
+import { renderHook, waitFor } from '@testing-library/react';
+import useAuth0 from '../src/use-auth0';
+import { createWrapper } from './helpers';
+
+describe('MFA API', () => {
+  describe('Basic Availability', () => {
+    it('should provide mfa client through useAuth0', async () => {
+      const wrapper = createWrapper();
+      const { result } = renderHook(() => useAuth0(), { wrapper });
+
+      await waitFor(() => {
+        expect(result.current.mfa).toBeDefined();
+      });
+    });
+
+    it('should provide all five MFA methods', async () => {
+      const wrapper = createWrapper();
+      const { result } = renderHook(() => useAuth0(), { wrapper });
+
+      await waitFor(() => {
+        expect(result.current.mfa.getAuthenticators).toBeDefined();
+        expect(result.current.mfa.enroll).toBeDefined();
+        expect(result.current.mfa.challenge).toBeDefined();
+        expect(result.current.mfa.verify).toBeDefined();
+        expect(result.current.mfa.getEnrollmentFactors).toBeDefined();
+      });
+    });
+  });
+
+  describe('Method Success Tests', () => {
+    it('should call mfa.getAuthenticators', async () => {
+      const wrapper = createWrapper();
+      const { result } = renderHook(() => useAuth0(), { wrapper });
+
+      await waitFor(async () => {
+        const authenticators = await result.current.mfa.getAuthenticators('test-mfa-token');
+        expect(authenticators).toBeDefined();
+        expect(Array.isArray(authenticators)).toBe(true);
+      });
+    });
+
+    it('should call mfa.enroll', async () => {
+      const wrapper = createWrapper();
+      const { result } = renderHook(() => useAuth0(), { wrapper });
+
+      await waitFor(async () => {
+        const enrollment = await result.current.mfa.enroll({
+          mfaToken: 'test-mfa-token',
+          factorType: 'otp',
+        });
+        expect(enrollment).toBeDefined();
+        expect(enrollment.id).toBe('test-id');
+      });
+    });
+
+    it('should call mfa.challenge', async () => {
+      const wrapper = createWrapper();
+      const { result } = renderHook(() => useAuth0(), { wrapper });
+
+      await waitFor(async () => {
+        const response = await result.current.mfa.challenge({
+          mfaToken: 'test-mfa-token',
+          challengeType: 'otp',
+          authenticatorId: 'test-auth-id',
+        });
+        expect(response).toBeDefined();
+        expect(response.challengeType).toBe('otp');
+      });
+    });
+
+    it('should call mfa.verify', async () => {
+      const wrapper = createWrapper();
+      const { result } = renderHook(() => useAuth0(), { wrapper });
+
+      await waitFor(async () => {
+        const tokens = await result.current.mfa.verify({
+          mfaToken: 'test-mfa-token',
+          otp: '123456',
+        });
+        expect(tokens).toBeDefined();
+        expect(tokens.access_token).toBe('test-token');
+      });
+    });
+
+    it('should call mfa.getEnrollmentFactors', async () => {
+      const wrapper = createWrapper();
+      const { result } = renderHook(() => useAuth0(), { wrapper });
+
+      await waitFor(async () => {
+        const factors = await result.current.mfa.getEnrollmentFactors('test-mfa-token');
+        expect(factors).toBeDefined();
+        expect(Array.isArray(factors)).toBe(true);
+      });
+    });
+  });
+});

src/auth0-context.tsx

@@ -400,7 +400,7 @@ export const initialContext = {
     challenge: stub,
     verify: stub,
     getEnrollmentFactors: stub,
-  } as MfaApiClient,
+  } as unknown as MfaApiClient,
 };
 
 /**