Render MFA alternatives on external action waiting screen#5
Conversation
|
Firetiger deploy monitoring skipped This PR didn't match the auto-monitor filter configured on your GitHub connection:
Reason: This PR modifies frontend UI components for MFA rendering and does not change kernel API endpoints or Temporal workflows. To monitor this PR anyway, reply with |
The backend sends mfa_options (e.g. "Try another way") alongside external action events, but ExternalActionWaiting was only receiving the message prop. Wire through mfaOptions and submitMFA so users can switch to an alternative verification method instead of being stuck waiting for a push notification. Co-authored-by: Cursor <[email protected]>
masnwilliams
force-pushed
the
mason/external-action-mfa-options
branch
from
2b30ce0 to
f38988a
Compare
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 3 potential issues.
❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
Reviewed by Cursor Bugbot for commit f38988a. Configure here.
| <ExternalActionWaiting | ||
| message={state?.external_action_message ?? undefined} | ||
| mfaOptions={state?.mfa_options ?? []} | ||
| onMFASelect={submitMFA} |
There was a problem hiding this comment.
MFA submit error recovery navigates to wrong screen
Medium Severity
When submitMFA is called from the ExternalActionWaiting screen and the API call fails, the submit helper's catch block unconditionally falls back to "awaiting_input" UI state. This causes users on the external-action-waiting screen to be unexpectedly redirected to the input form (which may have no relevant fields) instead of returning to the external action screen. Polling will eventually correct the state, but there's a visible flash of the wrong screen.
Reviewed by Cursor Bugbot for commit f38988a. Configure here.
| default: | ||
| return <KeyIcon />; | ||
| } | ||
| } |
There was a problem hiding this comment.
Duplicated getMFAIcon function across two components
Low Severity
The getMFAIcon function in ExternalActionWaiting.tsx is an exact copy of the one in UnifiedAuthForm.tsx. This duplication means any future change to icon mappings (e.g. adding a passkey case) needs to be applied in two places, risking inconsistency.
Reviewed by Cursor Bugbot for commit f38988a. Configure here.
| </div> | ||
| </div> | ||
| </Button> | ||
| ))} |
There was a problem hiding this comment.
MFA options missing "switch-last" sort from UnifiedAuthForm
Low Severity
UnifiedAuthForm explicitly sorts MFA options so that "switch" types ("Try another way") always render last, with a code comment explaining this intentional design. ExternalActionWaiting renders mfaOptions in the order received from the backend without this sort. If the backend sends the "switch" option before more specific methods like TOTP or SMS, the generic fallback will appear above them, contradicting the established UX pattern.
Reviewed by Cursor Bugbot for commit f38988a. Configure here.
1 participant
Summary
mfa_options(e.g. "Try another way") alongsideAWAITING_EXTERNAL_ACTIONevents, butExternalActionWaitingwas only receiving themessageprop — dropping MFA alternatives on the floor.mfaOptionsandsubmitMFAthrough toExternalActionWaitingso users can switch to an alternative verification method (TOTP, SMS, etc.) instead of being stuck waiting for a push notification that may not arrive.Button/slot/icon pattern fromUnifiedAuthForm's MFA option rendering.Test plan
Made with Cursor
Note
Medium Risk
Adds interactive MFA-selection controls to the external-action waiting step and wires them to
submitMFA, which could affect authentication flow transitions if option handling is incorrect.Overview
External-action waiting now surfaces alternate MFA methods.
KernelManagedAuthpasses backendmfa_optionsintoExternalActionWaitingand hooks selection tosubmitMFA(with loading/disable state).ExternalActionWaitingis extended to render a list of secondary buttons for provided MFA options, including per-MFATypeicons and slot keys for customization; styles add layout for the alternatives section. The demo state picker adds anawaiting_external_action_multiscenario and updates the existing external-action state to display these options.Reviewed by Cursor Bugbot for commit f38988a. Bugbot is set up for automated code reviews on this repo. Configure here.