fix: apply deepCamelCase to MFA challenge response for correct oob_code mapping

The /mfa/challenge endpoint returns snake_case keys (oob_code, challenge_type,
binding_method) but multifactorChallenge() was casting the raw response directly
to MfaChallengeResponse without conversion. This caused oobCode to be undefined
while the actual data was on the oob_code key.

Apply deepCamelCase() to the response, consistent with all other API methods
in the orchestrator (userInfo, createUser, etc.).

Author: AkhtarZaman7

src/core/services/AuthenticationOrchestrator.ts

@@ -369,8 +369,7 @@ export class AuthenticationOrchestrator implements IAuthenticationProvider {
       headers
     );
     if (!response.ok) throw AuthError.fromResponse(response, json);
-    // The response is already camelCased by the API, so we can cast it directly.
-    return json as MfaChallengeResponse;
+    return deepCamelCase<MfaChallengeResponse>(json);
   }
 
   async revoke(parameters: RevokeOptions): Promise<void> {

src/core/services/__tests__/AuthenticationOrchestrator.spec.ts

@@ -626,10 +626,10 @@ describe('AuthenticationOrchestrator', () => {
       );
     });
 
-    it('multifactorChallenge should send correct payload and return response', async () => {
-      const challengeResponse = { challengeType: 'oob', oobCode: 'abc' };
+    it('multifactorChallenge should send correct payload and return camelCased response', async () => {
+      const apiResponse = { challenge_type: 'oob', oob_code: 'abc' };
       mockHttpClientInstance.post.mockResolvedValueOnce({
-        json: challengeResponse,
+        json: apiResponse,
         response: new Response(null, { status: 200 }),
       });
       const result = await orchestrator.multifactorChallenge({
@@ -648,7 +648,7 @@ describe('AuthenticationOrchestrator', () => {
         },
         undefined
       );
-      expect(result).toEqual(challengeResponse);
+      expect(result).toEqual({ challengeType: 'oob', oobCode: 'abc' });
     });
   });