feat: add mfa.stepUpWithPopup() for reactive MFA step-up via Universal Login

[tusharpandey13]

Adds client-side mfa.stepUpWithPopup() that completes MFA step-up in a popup window using Auth0 Universal Login, without a full-page redirect.

How it works: When getAccessToken() throws MfaRequiredError, the app calls mfa.stepUpWithPopup({ audience }). A popup opens, the user completes MFA, and the resulting token is cached in the session and returned to the caller.

Changes

• Added mfa.stepUpWithPopup() to client helpers
• Added returnStrategy: postMessage | redirect to handleLogin
• Added popup mode handling to handleCallback()
• Updated getTokenSet, handleAccessToken to enable conditional scope merging
• Added tests for all flows
• Updated EXAMPLES.md with clear documentation.

Usage

try {
  const token = await getAccessToken({ audience: 'https://api.example.com' });
} catch (err) {
  if (err instanceof MfaRequiredError) {
    // Trigger popup MFA step-up
    const { token } = await mfa.stepUpWithPopup({
      audience: 'https://api.example.com'
    });
  }
}

[codecov-commenter]

Codecov Report

❌ Patch coverage is 90.30023% with 42 lines in your changes missing coverage. Please review.
✅ Project coverage is 90.08%. Comparing base (c187dec) to head (f9cca1e).
⚠️ Report is 1 commits behind head on main.

Files with missing lines	Patch %	Lines
src/server/auth-client.ts	73.33%	40 Missing ⚠️
src/client/mfa/index.ts	98.38%	1 Missing ⚠️
src/utils/session-helpers.ts	98.18%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #2524      +/-   ##
==========================================
- Coverage   90.15%   90.08%   -0.07%     
==========================================
  Files          51       55       +4     
  Lines        6439     6831     +392     
  Branches     1292     1383      +91     
==========================================
+ Hits         5805     6154     +349     
- Misses        623      666      +43     
  Partials       11       11              

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.