auth0

Auth0 MFA

Author: Auth0 · GitHub ↗ · v1.0.0 · MIT-0
darwin, linux ⚠ suspicious
Total downloads: 86
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw
/install auth0-mfa
Description
Use when adding MFA, 2FA, TOTP, SMS codes, push notifications, passkeys, or when requiring step-up verification for sensitive operations or meeting complianc...
Usage instructions (SKILL.md)

Auth0 MFA Guide

Add Multi-Factor Authentication to protect user accounts and require additional verification for sensitive operations.


Overview

What is MFA?

Multi-Factor Authentication (MFA) requires users to provide two or more verification factors to access their accounts. Auth0 supports multiple MFA factors and enables step-up authentication for sensitive operations.

When to Use This Skill

  • Adding MFA to protect user accounts
  • Requiring additional verification for sensitive actions (payments, settings changes)
  • Implementing adaptive/risk-based authentication
  • Meeting compliance requirements (PCI-DSS, SOC2, HIPAA)

MFA Factors Supported

| Factor | Type | Description |
|---|---|---|
| TOTP | Something you have | Time-based one-time passwords (Google Authenticator, Authy) |
| SMS | Something you have | One-time codes via text message |
| Email | Something you have | One-time codes via email |
| Push | Something you have | Push notifications via Auth0 Guardian app |
| WebAuthn | Something you have/are | Security keys, biometrics, passkeys |
| Voice | Something you have | One-time codes via phone call |
| Recovery Code | Backup | One-time use recovery codes |

Key Concepts

| Concept | Description |
|---|---|
| acr_values | Request MFA during authentication |
| amr claim | Authentication Methods Reference - indicates how user authenticated |
| Step-up auth | Require MFA for specific actions after initial login |
| Adaptive MFA | Conditionally require MFA based on risk signals |

Step 1: Enable MFA in Tenant

Via Auth0 Dashboard

  1. Go to Security → Multi-factor Auth
  2. Enable desired factors (TOTP, SMS, etc.)
  3. Configure Policies:
    • Always - Require MFA for all logins
    • Adaptive - Risk-based MFA
    • Never - Disable MFA (use step-up instead)

Via Auth0 CLI

# View current MFA configuration
auth0 api get "guardian/factors"

# Enable TOTP (One-time Password)
auth0 api put "guardian/factors/otp" --data '{"enabled": true}'

# Enable SMS
auth0 api put "guardian/factors/sms" --data '{"enabled": true}'

# Enable Push notifications
auth0 api put "guardian/factors/push-notification" --data '{"enabled": true}'

# Enable WebAuthn (Roaming - Security Keys)
auth0 api put "guardian/factors/webauthn-roaming" --data '{"enabled": true}'

# Enable WebAuthn (Platform - Biometrics)
auth0 api put "guardian/factors/webauthn-platform" --data '{"enabled": true}'

# Enable Email
auth0 api put "guardian/factors/email" --data '{"enabled": true}'

Configure MFA Policy

# Set MFA policy: "all-applications" or "confidence-score"
auth0 api put "guardian/policies" --data '["all-applications"]'

Step 2: Implement Step-Up Authentication

Step-up auth requires MFA for sensitive operations without requiring it for every login.

The acr_values Parameter

Request MFA by including acr_values in your authorization request:

acr_values=http://schemas.openid.net/pape/policies/2007/06/multi-factor

Implementation Pattern

The general pattern for all frameworks:

  1. Check if user has already completed MFA (inspect amr claim)
  2. If not, request MFA via acr_values parameter
  3. Proceed with sensitive action once MFA is verified
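The three steps above as an added JavaScript example (not one of the skill's own files). It assumes the ID token's signature, issuer, audience and expiry were verified before the claims reach this code; the function names and sample values are hypothetical.

```javascript
// Added example; function names and sample values are hypothetical, not Auth0 SDK APIs.
const MFA_POLICY = 'http://schemas.openid.net/pape/policies/2007/06/multi-factor';

// Step 1: inspect the amr claim. `claims` must be the payload of an ID token
// whose signature, issuer, audience and expiry were already verified upstream.
function hasCompletedMfa(claims) {
  const amr = claims && claims.amr;
  // Auth0 emits amr as an array containing "mfa"; reject any other shape
  // (for example the bare string "mfa") instead of coercing it.
  return Array.isArray(amr) && amr.includes('mfa');
}

// Step 2: build the authorization request that asks for MFA via acr_values.
function buildStepUpUrl({ domain, clientId, redirectUri, state, nonce }) {
  if (!state || !nonce) {
    throw new Error('state and nonce are required to bind the response to this session');
  }
  const url = new URL(`https://${domain}/authorize`);
  url.search = new URLSearchParams({
    response_type: 'code',
    client_id: clientId,
    redirect_uri: redirectUri,
    scope: 'openid',
    state,
    nonce,
    acr_values: MFA_POLICY,
  }).toString();
  return url.toString();
}

// Step 3: allow the sensitive action only once MFA is present in the token.
function stepUpDecision(claims, authParams) {
  if (hasCompletedMfa(claims)) return { allow: true };
  return { allow: false, redirectTo: buildStepUpUrl(authParams) };
}

// Constructed sample input (not real tenant data).
const sampleParams = {
  domain: 'tenant.example.com',
  clientId: 'CONSTRUCTED_CLIENT_ID',
  redirectUri: 'https://app.example.com/callback',
  state: 'constructed-state',
  nonce: 'constructed-nonce',
};
console.log(stepUpDecision({ sub: 'user-1' }, sampleParams));
console.log(stepUpDecision({ sub: 'user-1', amr: ['mfa'] }, sampleParams));
```

Run the same amr check on the backend endpoint that performs the sensitive action; a check made only in the browser controls the UI, not the operation.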

For complete framework-specific examples, see Examples Guide:

  • React (basic and custom hook)
  • Next.js (App Router)
  • Vue.js
  • Angular

Additional Resources

This skill is split into multiple files for better organization:

Step-Up Examples

Complete code examples for all frameworks:

  • React (basic and custom hook patterns)
  • Next.js (App Router with API routes)
  • Vue.js (composition API)
  • Angular (services and components)

Backend Validation

Learn how to validate MFA status on your backend:

  • Node.js / Express JWT validation
  • Python / Flask validation
  • Middleware examples

Advanced Topics

Advanced MFA implementation patterns:

  • Adaptive MFA with Auth0 Actions
  • Conditional MFA based on risk signals
  • MFA Enrollment API

Reference Guide

Common patterns and troubleshooting:

  • Remember MFA for 30 days
  • MFA for high-value transactions
  • MFA status display
  • Error handling
  • AMR claim values
  • Testing strategies
  • Security considerations

Related Skills

  • auth0-quickstart - Basic Auth0 setup
  • auth0-passkeys - WebAuthn/passkey implementation
  • auth0-actions - Custom authentication logic


Security usage recommendations
This skill documents how to change Auth0 MFA settings and uses the Auth0 CLI; installing it will add the auth0 binary via Homebrew and the instructions will perform tenant-changing operations if run. Before installing or invoking: 1) Do not provide management tokens or tenant credentials to an untrusted agent — the examples require a management bearer token (MGMT_TOKEN) and tenant environment variables (AUTH0_DOMAIN, AUTH0_AUDIENCE). 2) Prefer least-privilege credentials (scoped management token) for testing, and review each CLI/API command before execution. 3) If you only need read-only guidance, you can use the README content without supplying credentials. 4) If you want the skill to be allowed to run changes automatically, ensure you understand and trust the agent and consider limiting its permissions and auditing runs.
Functional analysis
Type: OpenClaw Skill
Name: auth0-mfa
Version: 1.0.0

The skill bundle provides legitimate documentation and code examples for implementing Multi-Factor Authentication (MFA) using Auth0. It includes standard Auth0 CLI commands for configuration and framework-specific examples (React, Next.js, Node.js, etc.) for step-up authentication, all of which align with official Auth0 best practices without any signs of malicious intent or data exfiltration.
Capability tags
crypto, can-make-purchases
Capability assessment
Purpose & Capability
Name/description match the contents: all examples and CLI commands are about enabling/configuring Auth0 MFA, step-up auth, and related backend validation. Requiring the Auth0 CLI (auth0) is coherent with those tasks.
Instruction Scope
Instructions tell the agent to run auth0 CLI API calls (put/patch) and to deploy Actions — these are legitimate for configuring MFA but are tenant-changing operations. Examples and backend snippets reference environment variables (AUTH0_DOMAIN, AUTH0_AUDIENCE) and a management bearer token (MGMT_TOKEN). The skill does not explicitly warn that commands will modify tenant configuration or require management credentials; reviewers should expect these commands to perform live changes if run.
Install Mechanism
Install uses a Homebrew formula (auth0/auth0-cli/auth0), a reasonable and traceable distribution method for the official Auth0 CLI. No arbitrary download URLs or archive extraction are used.
Credentials
Registry metadata lists no required env vars, but SKILL.md and reference files assume several sensitive environment values and tokens (e.g., AUTH0_DOMAIN, AUTH0_AUDIENCE, MGMT_TOKEN). The skill will require management credentials to perform enable/patch/delete operations shown in examples; the absence of declared required credentials is an inconsistency and a potential gotcha for users.
Persistence & Privilege
Skill is not always-enabled, does not request persistent system-wide changes during install, and is instruction-only (no bundled code run at install). It will only act when invoked and then only via the auth0 CLI, so persistence/privilege level is limited to what the CLI + provided credentials allow.
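How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install auth0-mfa
  3. After installation, call the Skill by name or use /auth0-mfa to trigger it
  4. Provide the necessary input according to the Skill's parameter description to get structured output
Version history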
v1.0.0
  • Initial release of the auth0-mfa skill.
  • Provides guidance on enabling and configuring MFA (Multi-Factor Authentication) with Auth0, including TOTP, SMS, email, push notifications, and passkeys.
  • Covers use cases such as step-up authentication, adaptive/risk-based MFA, and compliance requirements (e.g., HIPAA, PCI-DSS).
  • Includes CLI examples for enabling factors and setting policies.
  • Offers references and links to framework-specific examples and advanced topics.
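Metadata
Slug auth0-mfa
Version 1.0.0
License MIT-0
Total installs 0
Current installs 0
Historical versions 1
FAQ

What is Auth0 MFA?

Use when adding MFA, 2FA, TOTP, SMS codes, push notifications, passkeys, or when requiring step-up verification for sensitive operations or meeting complianc... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 86 total downloads so far.

How do I install Auth0 MFA?

Run the command "/install auth0-mfa" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is needed.

Is Auth0 MFA free?

Yes, Auth0 MFA is completely free. It is released under the MIT-0 license and can be freely downloaded, installed and used.

Which platforms does Auth0 MFA support?

Auth0 MFA is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (darwin, linux).

Who developed Auth0 MFA?

It is developed and maintained by Auth0 (@auth0); the current version is v1.0.0.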
