This repository was archived by the owner on Sep 8, 2025. It is now read-only.

[MFA Bug] Can not enroll MFA use factor_type = "totp" #684

@huuvan023

Bug report

  • I confirm this is a bug with Supabase, not with my own application.
  • I confirm I have searched the Docs, GitHub Discussions, and Discord.

Describe the bug

model_validate error for class AuthMFAEnrollResponse when we enroll new MFA.

To Reproduce

When enrolling a new MFA factor using the following code:

    self.anon_role.auth.mfa.enroll(
        {
            "factor_type": "totp",
            "friendly_name": "test",
            "issuer": "Test Platform",
            "phone": "xxxx",
        }
    )

It raises the following validation error:
1 validation error for AuthMFAEnrollResponse\nphone\n Field required [type=missing, input_value={'id': 'dc5440a6-7f38-4bf...ARFDY5QLJHF63L3YRRLJ6'}}, input_type=dict]\n For further information visit https://errors.pydantic.dev/2.10/v/missing

After reviewing the source code, the issue originates from the _enroll method:

    def _enroll(self, params: MFAEnrollParams) -> AuthMFAEnrollResponse:
        session = self.get_session()
        if not session:
            raise AuthSessionMissingError()

        body = {
            "friendly_name": params["friendly_name"],
            "factor_type": params["factor_type"],
        }

        if params["factor_type"] == "phone":
            body["phone"] = params["phone"]
        else:
            body["issuer"] = params["issuer"]

        response = self._request(
            "POST",
            "factors",
            body=body,
            jwt=session.access_token,
            xform=partial(model_validate, AuthMFAEnrollResponse),
        )
        if params["factor_type"] == "totp" and response.totp.qr_code:
            response.totp.qr_code = f"data:image/svg+xml;utf-8,{response.totp.qr_code}"
        return response

in the line xform=partial(model_validate, AuthMFAEnrollResponse)

The response I received from the Supabase server is:

{'friendly_name': 'cdiam', 'id': '9fb8848b-49eb-49d3-ae35-daac2e2bf9d5', 'totp':...}

However, the AuthMFAEnrollResponse model expects phone as a required field. Since phone is missing from the API response when using "factor_type": "totp", the validation fails, resulting in the error.

Potential Fix

Modify the AuthMFAEnrollResponse schema to make phone optional when factor_type is "totp".

Expected behavior

Enroll MFA successfully
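
The failure reported in this issue and the proposed fix, reproduced with pydantic v2 as an added example (not part of the original issue and not the library's own models). The class names, the `type` field and the `totp` sub-fields are assumptions, and the response values are constructed placeholders.

```python
from typing import Literal, Optional

from pydantic import BaseModel, ValidationError, model_validator


class TOTP(BaseModel):  # sub-field names are assumed, not taken from the issue
    qr_code: str
    secret: str
    uri: str


class StrictEnrollResponse(BaseModel):
    """Reproduces the report: `phone` is required for every factor type."""
    id: str
    type: Literal["totp", "phone"]  # assumed discriminator field
    friendly_name: str
    totp: TOTP
    phone: str


class EnrollResponse(BaseModel):
    """Sketch of the proposed fix: both payloads are optional, but the one
    named by `type` must be present."""
    id: str
    type: Literal["totp", "phone"]
    friendly_name: str
    totp: Optional[TOTP] = None
    phone: Optional[str] = None

    @model_validator(mode="after")
    def payload_matches_type(self):
        if getattr(self, self.type) is None:
            raise ValueError(f"'{self.type}' payload missing from enroll response")
        return self


def missing_fields(model, payload):
    """Names of the fields pydantic reports as missing (empty list if valid)."""
    try:
        model.model_validate(payload)
    except ValidationError as exc:
        return [e["loc"][0] for e in exc.errors() if e["type"] == "missing"]
    return []


# Constructed TOTP enroll response: placeholder values, no `phone` key.
TOTP_RESPONSE = {
    "id": "00000000-0000-0000-0000-000000000000", "type": "totp",
    "friendly_name": "test",
    "totp": {"qr_code": "<svg/>", "secret": "PLACEHOLDER", "uri": "otpauth://placeholder"},
}
```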

Labels: bug (Something isn't working)