mfaLevel: MFA_LEVELS.OPTIONAL is not working

I am using "@web3auth/modal": "^10.3.0".

import { MFA_LEVELS, WEB3AUTH_NETWORK } from "@web3auth/modal";
import { Web3AuthContextConfig } from "@web3auth/modal/react";

const clientId = "BNPm6P51gixcR2YhGlFPAh2YQ_G5tZ6oXTF1NXqfrvXuiPsfpPTML-zn1Ah66q6x55gmF_grh9qtsbD3byMPh-4";

const web3AuthConfig: Web3AuthContextConfig = {
  web3AuthOptions: {
    clientId,
    mfaLevel: MFA_LEVELS.OPTIONAL,
    web3AuthNetwork: WEB3AUTH_NETWORK.SAPPHIRE_DEVNET,
  },
};

export default web3AuthConfig;

import { useWeb3AuthConnect, useWeb3AuthDisconnect, useWeb3AuthUser } from "@web3auth/modal/react";
import { AUTH_CONNECTION, WALLET_CONNECTORS } from "@web3auth/modal";
import { useEffect, useState } from "preact/hooks";


const App = () => {

  const { userInfo } = useWeb3AuthUser();
  const [isAuthenticated, setIsAuthenticated] = useState(!!userInfo)
  const { connectTo } = useWeb3AuthConnect();
  const { disconnect } = useWeb3AuthDisconnect()

  useEffect(() => {
    setIsAuthenticated(!!userInfo);
  }, [userInfo]);

  const loginWithGoogle = async () => {
    await connectTo(WALLET_CONNECTORS.AUTH, {
      authConnection: AUTH_CONNECTION.GOOGLE,
    });
  }

  const logout = () => {
    disconnect()
  }

  return (
    <>
      <button onClick={loginWithGoogle}> Google</button>
      <button onClick={logout}>Logout</button>
      {
        isAuthenticated ? <pre>{JSON.stringify(userInfo, null, 4)}</pre> : null
      }
    </>
  );
};

export default App;

It is asking for MFA even after mfaLevel: MFA_LEVELS.OPTIONAL.

Here’s a summary of your issue and the details needed for the support team:


Issue Summary

You are using the Web3Auth Modal SDK (@web3auth/modal version ^10.3.0) in a React (Preact) application, and have set mfaLevel: MFA_LEVELS.OPTIONAL in your web3AuthOptions config. However, users are still being prompted for MFA (Multi-Factor Authentication) when logging in with Google, which is not the expected behavior.

Screenshot Provided: Yes (shows MFA prompt despite OPTIONAL setting)


Details Provided

  • SDK: @web3auth/modal
  • SDK Version: ^10.3.0
  • Platform: React (Preact) web app
  • Network: SAPPHIRE_DEVNET
  • Login Method: Google (via AUTH_CONNECTION.GOOGLE)
  • MFA Config: mfaLevel: MFA_LEVELS.OPTIONAL
  • Code Snippets: Yes (full initialization and login code)
  • Screenshot: Yes

Additional Context

  • You are following the v10 migration and advanced configuration guides.
  • No custom MFA factors (mfaSettings) are set—just the mfaLevel: OPTIONAL.
  • You expect that users should not be forced to set up MFA unless they choose to.

What the Support Team Might Need Next

  • Are you using any custom authentication providers or just the default social logins?
    (From your code, it appears to be just Google—please confirm if any custom verifiers are involved.)
  • Is this behavior consistent across all users/accounts, or only for specific ones?
  • Is your project/clientId configured with any default MFA policies in the Web3Auth Dashboard?
    (Sometimes dashboard settings can override code-level configs.)

Proposed Solution / Troubleshooting Steps

  1. Check Dashboard Settings:
    In Web3Auth v10, some authentication and MFA settings are now managed via the Web3Auth Dashboard. Please ensure that the MFA policy for your project/clientId is not set to “Mandatory” in the dashboard, as this can override the SDK config.

  2. Explicitly Set mfaSettings:
    If you want more granular control, you can specify mfaSettings to disable/enable individual factors. See the MFA Advanced Configuration Docs.

    Example:

    import { MFA_LEVELS, WEB3AUTH_NETWORK, MFA_FACTOR } from "@web3auth/modal";
    const web3AuthOptions = {
      clientId: "YOUR_CLIENT_ID",
      web3AuthNetwork: WEB3AUTH_NETWORK.SAPPHIRE_DEVNET,
      mfaLevel: MFA_LEVELS.OPTIONAL,
      mfaSettings: {
        [MFA_FACTOR.DEVICE]: { enable: false },
        [MFA_FACTOR.BACKUP_SHARE]: { enable: false },
      },
    };
    
  3. Clear Browser Cache/Incognito:
    Sometimes old sessions or cached configs can cause unexpected behavior. Try logging in with a fresh session.

  4. Check for Known Issues:
    There have been some community reports about MFA settings not propagating correctly if overridden at the dashboard level.


Next Steps

  • Please confirm if your dashboard MFA policy is set to “Optional” or “Mandatory.”
  • Let us know if you are using any custom authentication or only default social logins.
  • If possible, provide a screenshot of your project’s MFA settings from the dashboard.


Thank you for providing detailed code and a screenshot! Once you confirm the dashboard settings or answer the above, the support team can help further diagnose or escalate if this is a bug.

Note: This response was generated by an AI bot and may require further verification. The Web3Auth support team has tracked this issue and will be responding as soon as possible.

Additionally, we would recommend you to join our biweekly Office Hours to get this resolved even faster. Web3Auth Developer Office Hours

This would happen if you already have MFA set up. Even if you change the parameter to none now, it cannot roll back the MFA setup. This would be applicable for all new users who have yet to undergo MFA onboarding.
It is not a correct understanding that tweaking this parameter will disable MFA; that would make MFA as a feature non-functional.

@maharshi
So, how do I disable or make MFA optional for my project?

The option you’ve set is the right one. But you cannot disable MFA for users who have already set up MFA factors. They will be asked for it time and again as required.
All users who log in for the first time after you’ve set the MFA as none will never be asked for MFA again.

It means it works only for future users, not for the already existing users.
That is so bad. Is there any way to disable it for all users?

Unfortunately, there is not.
If you aren’t on production, you can create a new project (if custom connection), but mind you, that would change the keys.

I have changed the project and am trying with a new clientId:

const clientId = "BCX6yZW1kxhgDOTyT7YQMftRcgj4qcYg-XcgqtvkUt5diofzSM6_ansVmPaeFB03RJj5St0raIohgJHkNfeGNqA";

const web3AuthConfig: Web3AuthContextConfig = {
  web3AuthOptions: {
    clientId,
    mfaLevel: MFA_LEVELS.NONE,
    web3AuthNetwork: WEB3AUTH_NETWORK.SAPPHIRE_DEVNET,
  },
};

Still, I am getting the MFA screen.

The thing is, the MFA screen is also different. It used to be like the below. But it is different as above.

For default connections, the MFA is shared across dapps; it is extended to all the dapps using a default connection.
Please make a custom connection with the same or a different project ID, and that would help you have control over MFA from scratch.

I didn’t get you.

Can you elaborate?

I just need Google Login and email_passwordless login with MFA optional

See, @bsrinath4839
There are two kinds of connections on the Web3Auth dashboard. The ones managed by Web3Auth are called default connections. The ones created by you via different providers like Auth0 and Firebase, then integrated with their credentials into the Web3Auth dashboard, are called custom connections.