fix: add has verified factor mfa claim

supabase · Nov 13, 2024 · ea50a0d · ea50a0d
1 parent 9ce2857
commit ea50a0d
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 0 deletions.
diff --git a/internal/api/token.go b/internal/api/token.go
@@ -340,6 +340,8 @@ func (a *API) generateAccessToken(r *http.Request, tx *storage.Connection, user
 		Role:                          user.Role,
 		SessionId:                     sid,
 		AuthenticatorAssuranceLevel:   aal.String(),
+		// MFA is enabled if a developer has one at least one verified factor
+		HasVerifiedFactor:             user.HasMFAEnabled(),
 		AuthenticationMethodReference: amr,
 		IsAnonymous:                   user.IsAnonymous,
 	}

diff --git a/internal/hooks/auth_hooks.go b/internal/hooks/auth_hooks.go
@@ -108,6 +108,7 @@ type AccessTokenClaims struct {
 	AuthenticatorAssuranceLevel   string                 `json:"aal,omitempty"`
 	AuthenticationMethodReference []models.AMREntry      `json:"amr,omitempty"`
 	SessionId                     string                 `json:"session_id,omitempty"`
+	HasVerifiedFactor             bool                   `json:"has_verified_factor"`
 	IsAnonymous                   bool                   `json:"is_anonymous"`
 }