From ea50a0d234c05313bcf76ae3997ccea7dce12232 Mon Sep 17 00:00:00 2001
From: joel
Date: Wed, 13 Nov 2024 13:23:20 +0800
Subject: [PATCH 1/2] fix: add has verified factor mfa claim

---
 internal/api/token.go | 2 ++
 internal/hooks/auth_hooks.go | 1 +
 2 files changed, 3 insertions(+)

diff --git a/internal/api/token.go b/internal/api/token.go
index cc945f2e1..8194f3ad6 100644
--- a/internal/api/token.go
+++ b/internal/api/token.go
@@ -340,6 +340,8 @@ func (a *API) generateAccessToken(r *http.Request, tx *storage.Connection, user
 Role: user.Role,
 SessionId: sid,
 AuthenticatorAssuranceLevel: aal.String(),
+ // MFA is enabled if a developer has one at least one verified factor
+ HasVerifiedFactor: user.HasMFAEnabled(),
 AuthenticationMethodReference: amr,
 IsAnonymous: user.IsAnonymous,
 }

diff --git a/internal/hooks/auth_hooks.go b/internal/hooks/auth_hooks.go
index 1b881d36f..c514692d2 100644
--- a/internal/hooks/auth_hooks.go
+++ b/internal/hooks/auth_hooks.go
@@ -108,6 +108,7 @@ type AccessTokenClaims struct {
 AuthenticatorAssuranceLevel string `json:"aal,omitempty"`
 AuthenticationMethodReference []models.AMREntry `json:"amr,omitempty"`
 SessionId string `json:"session_id,omitempty"`
+ HasVerifiedFactor bool `json:"has_verified_factor"`
 IsAnonymous bool `json:"is_anonymous"`
 }

From 147860711af0979ae8036e784b708be4337b1f62 Mon Sep 17 00:00:00 2001
From: joel
Date: Wed, 13 Nov 2024 13:29:14 +0800
Subject: [PATCH 2/2] fix: run gofmt

---
 internal/api/token.go | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/internal/api/token.go b/internal/api/token.go
index 8194f3ad6..56a177fe6 100644
--- a/internal/api/token.go
+++ b/internal/api/token.go
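Review bot: The comment added above `HasVerifiedFactor` misstates the condition — "a developer has one at least one verified factor" has a stray "one", and the subject is the end user whose token this is, not a developer; suggest `// has_verified_factor is true when the user has at least one verified MFA factor`. Because the value is read from `user.HasMFAEnabled()` at minting time it is a snapshot: a factor verified or unenrolled after issuance is not reflected until the next token is issued, so consumers must not read it as a live enforcement signal, and the comment should say so. It is also distinct from the `aal` claim set on the line above — `aal` describes whether this session completed MFA, whereas this claim only says a factor exists — and conflating the two on the consumer side would weaken any "require MFA" check. If `HasMFAEnabled` inspects `user.Factors`, the claim is silently false whenever the caller passes a user loaded without its factors; verify the call sites preload them. generateAccessToken starts and ends outside the hunk.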
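Review bot: The new exported field `HasVerifiedFactor` on `AccessTokenClaims` has no doc comment, and since this struct is the shape handed to and returned from the custom access-token hook, the meaning of the claim is what hook authors will read; suggest `// HasVerifiedFactor reports whether the user had at least one verified MFA factor when the token was minted; it does not mean this session completed MFA (see AuthenticatorAssuranceLevel).`. Omitting `omitempty` matches `is_anonymous` and makes the claim always present as an explicit `false`, which is the safer choice for a security-relevant boolean, but that intent is worth a word in the comment so it is not "fixed" later. If hook responses are validated elsewhere against a list of known claim keys, that list needs `has_verified_factor` added or hook-modified tokens could be rejected or the claim dropped. The struct opens outside the hunk.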
@@ -333,13 +333,13 @@ func (a *API) generateAccessToken(r *http.Request, tx *storage.Connection, user
 ExpiresAt: jwt.NewNumericDate(expiresAt),
 Issuer: config.JWT.Issuer,
 },
- Email: user.GetEmail(),
- Phone: user.GetPhone(),
- AppMetaData: user.AppMetaData,
- UserMetaData: user.UserMetaData,
- Role: user.Role,
- SessionId: sid,
- AuthenticatorAssuranceLevel: aal.String(),
+ Email: user.GetEmail(),
+ Phone: user.GetPhone(),
+ AppMetaData: user.AppMetaData,
+ UserMetaData: user.UserMetaData,
+ Role: user.Role,
+ SessionId: sid,
+ AuthenticatorAssuranceLevel: aal.String(),
 // MFA is enabled if a developer has one at least one verified factor
 HasVerifiedFactor: user.HasMFAEnabled(),
 AuthenticationMethodReference: amr,