Skip to content

feat: add MyAccount API client support#1121

Open
yogeshchoudhary147 wants to merge 1 commit into
mainfrom
feat/my-account-api-client
Open

feat: add MyAccount API client support#1121
yogeshchoudhary147 wants to merge 1 commit into
mainfrom
feat/my-account-api-client

Conversation

@yogeshchoudhary147

@yogeshchoudhary147 yogeshchoudhary147 commented Jun 11, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

The myAccount client introduced in auth0-spa-js#1615 was not yet surfaced through the React SDK. This PR exposes it so it is accessible via useAuth0.

Changes

useAuth0().myAccount (new)

Factors

  • getFactors(): list all MFA factors enabled on the tenant with their type and usage

Authentication methods

  • getAuthenticationMethods(type?): list enrolled methods, optionally filtered by type
  • getAuthenticationMethod(id): get a single method by ID
  • updateAuthenticationMethod(id, data): update name or preferred_authentication_method
  • deleteAuthenticationMethod(id): remove an enrolled method

Enrollment (two-step)

  • enrollmentChallenge(options): initiate enrollment for any factor type; returns challenge data (WebAuthn creation options, barcode URI, recovery code, password policy, etc.)
  • enrollmentVerify(options): confirm enrollment; returns the created AuthenticationMethod

Supports: passkey, webauthn-platform, webauthn-roaming, phone, email, totp, push-notification, recovery-code, password.

Implementation pattern

myAccount follows the same pattern as mfa — a useMemo(() => client.myAccount, [client]) passthrough. No useCallback wrappers or GET_ACCESS_TOKEN_COMPLETE dispatches are needed since none of these operations affect isAuthenticated or user.

Exports

MyAccountApiClient (type) and MyAccountApiError are now exported from the package root.

Dependency

Bumps @auth0/auth0-spa-js to ^2.21.1.

Test plan

Manual: authentication methods CRUD

  • getAuthenticationMethods() / getAuthenticationMethods("passkey"): correct fields, filtering works
  • getAuthenticationMethod(id): correct shape
  • updateAuthenticationMethod(id, { name }): confirmed working for totp
  • deleteAuthenticationMethod(id): secondary methods deleted; primary passkey deletion correctly rejected
  • getFactors(): all enabled factors returned with correct type and usage

Manual: end-to-end passkey enrollment

  • User logs in with username/password (PKCE)
  • User enrolls a passkey via enrollmentChallenge + enrollmentVerify
  • User logs out, then logs back in via auth0.passkey.login() with no password required

Regression

  • connectAccountWithRedirect + handleRedirectCallback: connected accounts flow unaffected
  • auth0.passkey.signup() / auth0.passkey.login(): passkey flows unaffected

@yogeshchoudhary147 yogeshchoudhary147 requested a review from a team as a code owner June 11, 2026 16:02
@yogeshchoudhary147 yogeshchoudhary147 force-pushed the feat/my-account-api-client branch 6 times, most recently from d54a6c0 to 7df25d8 Compare June 15, 2026 14:20
pmathew92
pmathew92 reviewed Jun 16, 2026
View reviewed changes
Comment thread EXAMPLES.md Outdated
@yogeshchoudhary147 yogeshchoudhary147 force-pushed the feat/my-account-api-client branch from 7df25d8 to 6b746c6 Compare June 16, 2026 13:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@pmathew92 pmathew92 pmathew92 left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@yogeshchoudhary147 @pmathew92