docs: Align MFA examples

utkrishtsahu · utkrishtsahu · commit 2cf87a2a1f3c · 2026-02-03T14:15:48.000+05:30
diff --git a/EXAMPLES.md b/EXAMPLES.md
@@ -445,9 +445,10 @@ When MFA is required during authentication, the error response contains a struct
 | `mfaRequirements.challenge` | `List<MfaFactor>?` | Factor types available for challenge. Present when the user **has already enrolled** MFA factors. |
 
 **Enroll vs Challenge Flows:**
-- **Enroll flow**: When `mfaRequirements.enroll` is present (and `challenge` is null or empty), the user needs to enroll a new MFA factor before they can authenticate. Use `mfaClient.enroll()` to register a new authenticator.
-- **Challenge flow**: When `mfaRequirements.challenge` is present, the user has already enrolled MFA factors. Use `mfaClient.getAuthenticators()` to list their enrolled authenticators, then `mfaClient.challenge()` to initiate verification.
-- **Both present**: In some configurations, both `enroll` and `challenge` may be present, allowing the user to either verify with an existing factor or enroll a new one.
+- **Enroll flow**: When `mfaRequirements.enroll` is present and not empty, the user needs to enroll a new MFA factor before they can authenticate. Use `mfaClient.enroll()` to register a new authenticator.
+- **Challenge flow**: When `mfaRequirements.challenge` is present and not empty, the user has already enrolled MFA factors. Use `mfaClient.getAuthenticators()` to list their enrolled authenticators, then `mfaClient.challenge()` to initiate verification.
+
+> **Note**: Check both `enroll` and `challenge` independently. While typically only one will be present, your code should handle both scenarios defensively.
 
 #### Handling MFA Required Errors
 
@@ -465,9 +466,21 @@ authentication
                 val mfaToken = mfaPayload?.mfaToken
                 val requirements = mfaPayload?.mfaRequirements
                 
-                // Check what actions are available (these are factor types, not authenticators)
-                val canChallenge = requirements?.challenge // List of factor types the user can challenge
-                val canEnroll = requirements?.enroll // List of factor types the user can enroll
+                // Check if enrollment is required (user has not enrolled MFA yet)
+                requirements?.enroll?.let { enrollTypes ->
+                    println("User needs to enroll MFA")
+                    println("Available enrollment types: ${enrollTypes.map { it.type }}")
+                    // Example output: ["otp", "sms", "push-notification"]
+                    // Proceed with MFA enrollment using one of these types
+                }
+                
+                // Check if challenge is available (user already enrolled)
+                requirements?.challenge?.let { challengeTypes ->
+                    println("User has enrolled MFA factors")
+                    println("Available challenge types: ${challengeTypes.map { it.type }}")
+                    // Example output: ["otp", "sms"]
+                    // Get authenticators and challenge one of them
+                }
                 
                 // Proceed with MFA flow using mfaToken
             }
@@ -493,7 +506,23 @@ try {
     if (e.isMultifactorRequired) {
         val mfaPayload = e.mfaRequiredErrorPayload
         val mfaToken = mfaPayload?.mfaToken
-        // Proceed with MFA flow
+        val requirements = mfaPayload?.mfaRequirements
+        
+        // Check if enrollment is required
+        requirements?.enroll?.let { enrollTypes ->
+            println("User needs to enroll MFA")
+            println("Available enrollment types: ${enrollTypes.map { it.type }}")
+            // Example output: ["otp", "sms", "push-notification"]
+        }
+        
+        // Check if challenge is available
+        requirements?.challenge?.let { challengeTypes ->
+            println("User has enrolled MFA factors")
+            println("Available challenge types: ${challengeTypes.map { it.type }}")
+            // Example output: ["otp", "sms"]
+        }
+        
+        // Proceed with MFA flow using mfaToken
     }
 }
 ```
diff --git a/auth0/src/main/java/com/auth0/android/authentication/MfaApiClient.kt b/auth0/src/main/java/com/auth0/android/authentication/MfaApiClient.kt
@@ -84,10 +84,8 @@ public class MfaApiClient @VisibleForTesting(otherwise = VisibleForTesting.PRIVA
         GsonProvider.gson
     )
 
-    private val clientId: String
-        get() = auth0.clientId
-    private val baseURL: String
-        get() = auth0.getDomainUrl()
+    private val clientId: String = auth0.clientId
+    private val baseURL: String = auth0.getDomainUrl()
 
     /**
      * Retrieves the list of available authenticators for the user, filtered by the specified factor types.
diff --git a/auth0/src/test/java/com/auth0/android/authentication/MfaExceptionTest.kt b/auth0/src/test/java/com/auth0/android/authentication/MfaExceptionTest.kt
@@ -1,10 +1,6 @@
 package com.auth0.android.authentication
 
 import com.auth0.android.authentication.MfaException.*
-import com.auth0.android.authentication.storage.CredentialsManagerException
-import com.auth0.android.result.MfaFactor
-import com.auth0.android.result.MfaRequiredErrorPayload
-import com.auth0.android.result.MfaRequirements
 import org.hamcrest.MatcherAssert.assertThat
 import org.hamcrest.Matchers.*
 import org.junit.Test
@@ -303,110 +299,4 @@ public class MfaExceptionTest {
         assertThat(verifyException.message, containsString("custom_error_code"))
     }
 
-    // ========== CredentialsManagerException MFA Tests ==========
-
-    @Test
-    public fun shouldCredentialsManagerExceptionHaveNullMfaPayloadByDefault(): Unit {
-        val exception = CredentialsManagerException.RENEW_FAILED
-
-        assertThat(exception.mfaRequiredErrorPayload, `is`(nullValue()))
-        assertThat(exception.mfaToken, `is`(nullValue()))
-    }
-
-    @Test
-    public fun shouldCredentialsManagerExceptionMfaRequiredHaveCorrectMessage(): Unit {
-        val exception = CredentialsManagerException.MFA_REQUIRED
-
-        assertThat(exception.message, containsString("Multi-factor authentication is required"))
-    }
-
-    @Test
-    public fun shouldCredentialsManagerExceptionMfaTokenReturnCorrectValue(): Unit {
-        // Create an MFA payload with a token
-        val mfaPayload = MfaRequiredErrorPayload(
-            error = "mfa_required",
-            errorDescription = "Multifactor authentication required",
-            mfaToken = "test_mfa_token_123",
-            mfaRequirements = null
-        )
-
-        // Use reflection to create exception with payload since constructor is internal
-        val exceptionClass = CredentialsManagerException::class.java
-        val constructor = exceptionClass.getDeclaredConstructor(
-            CredentialsManagerException.Code::class.java,
-            String::class.java,
-            Throwable::class.java,
-            MfaRequiredErrorPayload::class.java
-        )
-        constructor.isAccessible = true
-        
-        val codeClass = Class.forName("com.auth0.android.authentication.storage.CredentialsManagerException\$Code")
-        val mfaRequiredCode = codeClass.getDeclaredField("MFA_REQUIRED").get(null)
-        
-        val exception = constructor.newInstance(
-            mfaRequiredCode,
-            "MFA required",
-            null,
-            mfaPayload
-        ) as CredentialsManagerException
-
-        assertThat(exception.mfaRequiredErrorPayload, `is`(notNullValue()))
-        assertThat(exception.mfaToken, `is`("test_mfa_token_123"))
-        assertThat(exception.mfaRequiredErrorPayload?.mfaToken, `is`("test_mfa_token_123"))
-    }
-
-    @Test
-    public fun shouldCredentialsManagerExceptionMfaPayloadContainRequirements(): Unit {
-        // Create MFA requirements with challenge
-        val challengeFactors = listOf(MfaFactor(type = "otp"), MfaFactor(type = "sms"))
-        val requirements = MfaRequirements(challenge = challengeFactors, enroll = null)
-        val mfaPayload = MfaRequiredErrorPayload(
-            error = "mfa_required",
-            errorDescription = "Multifactor authentication required",
-            mfaToken = "token_with_requirements",
-            mfaRequirements = requirements
-        )
-
-        // Use reflection to create exception with payload
-        val exceptionClass = CredentialsManagerException::class.java
-        val constructor = exceptionClass.getDeclaredConstructor(
-            CredentialsManagerException.Code::class.java,
-            String::class.java,
-            Throwable::class.java,
-            MfaRequiredErrorPayload::class.java
-        )
-        constructor.isAccessible = true
-        
-        val codeClass = Class.forName("com.auth0.android.authentication.storage.CredentialsManagerException\$Code")
-        val mfaRequiredCode = codeClass.getDeclaredField("MFA_REQUIRED").get(null)
-        
-        val exception = constructor.newInstance(
-            mfaRequiredCode,
-            "MFA required",
-            null,
-            mfaPayload
-        ) as CredentialsManagerException
-
-        assertThat(exception.mfaRequiredErrorPayload, `is`(notNullValue()))
-        assertThat(exception.mfaRequiredErrorPayload?.mfaRequirements, `is`(notNullValue()))
-        assertThat(exception.mfaRequiredErrorPayload?.mfaRequirements?.challenge?.map { it.type }, `is`(listOf("otp", "sms")))
-    }
-
-    @Test
-    public fun shouldCredentialsManagerExceptionEqualityIgnoreMfaPayload(): Unit {
-        // Two MFA_REQUIRED exceptions should be equal regardless of payload
-        val exception1 = CredentialsManagerException.MFA_REQUIRED
-        val exception2 = CredentialsManagerException.MFA_REQUIRED
-
-        assertThat(exception1, `is`(exception2))
-        assertThat(exception1.hashCode(), `is`(exception2.hashCode()))
-    }
-
-    @Test
-    public fun shouldCredentialsManagerExceptionStaticInstancesBeDistinct(): Unit {
-        assertThat(CredentialsManagerException.MFA_REQUIRED, `is`(not(CredentialsManagerException.RENEW_FAILED)))
-        assertThat(CredentialsManagerException.MFA_REQUIRED, `is`(not(CredentialsManagerException.NO_CREDENTIALS)))
-        assertThat(CredentialsManagerException.MFA_REQUIRED, `is`(not(CredentialsManagerException.API_ERROR)))
-    }
-
 }
diff --git a/auth0/src/test/java/com/auth0/android/authentication/storage/CredentialsManagerTest.kt b/auth0/src/test/java/com/auth0/android/authentication/storage/CredentialsManagerTest.kt
@@ -1948,6 +1948,30 @@ public class CredentialsManagerTest {
         MatcherAssert.assertThat(retrievedCredentials.scope, Is.`is`("scope"))
     }
 
+    // ========== CredentialsManagerException MFA Tests ==========
+
+    @Test
+    public fun shouldCredentialsManagerExceptionHaveNullMfaPayloadByDefault() {
+        val exception = CredentialsManagerException.RENEW_FAILED
+
+        MatcherAssert.assertThat(exception.mfaRequiredErrorPayload, Is.`is`(Matchers.nullValue()))
+        MatcherAssert.assertThat(exception.mfaToken, Is.`is`(Matchers.nullValue()))
+    }
+
+    @Test
+    public fun shouldCredentialsManagerExceptionMfaRequiredHaveCorrectMessage() {
+        val exception = CredentialsManagerException.MFA_REQUIRED
+
+        MatcherAssert.assertThat(exception.message, Matchers.containsString("Multi-factor authentication is required"))
+    }
+
+    @Test
+    public fun shouldCredentialsManagerExceptionStaticInstancesBeDistinct() {
+        MatcherAssert.assertThat(CredentialsManagerException.MFA_REQUIRED, Is.`is`(Matchers.not(CredentialsManagerException.RENEW_FAILED)))
+        MatcherAssert.assertThat(CredentialsManagerException.MFA_REQUIRED, Is.`is`(Matchers.not(CredentialsManagerException.NO_CREDENTIALS)))
+        MatcherAssert.assertThat(CredentialsManagerException.MFA_REQUIRED, Is.`is`(Matchers.not(CredentialsManagerException.API_ERROR)))
+    }
+
     private fun prepareJwtDecoderMock(expiresAt: Date?) {
         val jwtMock = mock<Jwt>()
         Mockito.`when`(jwtMock.expiresAt).thenReturn(expiresAt)
