JavaScript: Get Authenticator Assurance Level

Returns the Authenticator Assurance Level (AAL) for the active session.

• aal1 (or null) means that the user's identity has been verified only with a conventional login (email+password, OTP, magic link, social login, etc.).
• aal2 means that the user's identity has been verified both with a conventional login and at least one MFA factor.

Although this method returns a promise, it's fairly quick (microseconds) and rarely uses the network. You can use this to check whether the current user needs to be shown a screen to verify their MFA factors.

• Authenticator Assurance Level (AAL) is the measure of the strength of an authentication mechanism.
• In Supabase, having an AAL of aal1 refers to having the 1st factor of authentication such as an email and password or OAuth sign-in while aal2 refers to the 2nd factor of authentication such as a time-based, one-time-password (TOTP) or Phone factor.
• If the user has a verified factor, the nextLevel field will return aal2, else, it will return aal1.

Examples

Get the AAL details of a session

const { data, error } = await supabase.auth.mfa.getAuthenticatorAssuranceLevel()
const { currentLevel, nextLevel, currentAuthenticationMethods } = data