Auth0 mfa-otp grant flow sequence diagram or something like that?


I would like to know how the mfa-otp grant works. What http codes are sent back and forth. What is the potential payload and result of each http call. etc… A sequence diagram would be super helpful.

Where can I find it?


Hi @Uzlopak,

Welcome to the Auth0 Community!

I understand that you are looking for more information about the mfa-otp grant flow.

First, have you taken a look at our Resource Owner Password Flow diagram which is used in conjunction with MFA Support?

Then you can learn more in our Authenticate Using the Resource Owner Password Flow with MFA and Enroll and Challenge OTP Authenticators documentation for further details.

As for the error codes, they are consistent with the OAuth2 Specification. The success codes can be found here and the error codes here.

Hope this helps!

Please let me know if there’s anything else I can do to help.


When MFA is enabled, the response includes an mfa_required error and an mfa_token.

Do you get a 401 error or a different error code? 403?

What does the abbreviation oob stand for?

Hi @Uzlopak,

Thank you for your response.

The term OOB stands for out-of-band, used to refer to 2FA that requires a secondary verification method through a separate communication channel. In this case, it refers to using SMS, email, or authenticators for MFA.

Next, could you please provide me with the complete error message and error code when requesting the /oauth/token endpoint?

Thank you.
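The two /oauth/token calls behind the mfa-otp grant discussed in this thread (password grant, then redeeming the mfa_token with a one-time code), as an added Python example that is not from this thread or from Auth0's own SDKs. The grant_type URI and the mfa_token/otp field names follow Auth0's documentation; the stand-in token endpoint, its status codes and all token values are constructed assumptions so the example runs offline.

```python
# Added example: client-side handling of the mfa_required -> mfa-otp exchange.
# The endpoint below is a constructed stand-in, not captured Auth0 traffic.
MFA_OTP_GRANT = "http://auth0.com/oauth/grant-type/mfa-otp"  # Auth0 grant_type URI


def password_grant_with_mfa(post, username, password, otp_provider, client_id, client_secret):
    """Step 1: Resource Owner Password grant. When MFA is enforced the endpoint
    answers 403 {"error": "mfa_required", "mfa_token": ...}. Step 2: redeem that
    short-lived mfa_token together with the OTP; the password is never resent.
    Returns (status, body) of the final call."""
    status, body = post({
        "grant_type": "password", "username": username, "password": password,
        "client_id": client_id, "client_secret": client_secret,
    })
    if status == 200:
        return status, body                 # MFA not required for this user
    if status == 403 and body.get("error") == "mfa_required":
        return post({
            "grant_type": MFA_OTP_GRANT, "mfa_token": body["mfa_token"],
            "otp": otp_provider(),          # code from the enrolled OTP authenticator
            "client_id": client_id, "client_secret": client_secret,
        })
    return status, body                     # invalid_grant, too_many_attempts, ...


def fake_token_endpoint(payload):
    """Constructed stand-in for POST /oauth/token (assumed behaviour and values)."""
    if payload.get("grant_type") == "password":
        if payload.get("password") != "correct horse":
            return 403, {"error": "invalid_grant", "error_description": "Wrong email or password."}
        return 403, {"error": "mfa_required",
                     "error_description": "Multifactor authentication required",
                     "mfa_token": "MFA_TOKEN_PLACEHOLDER"}
    if payload.get("grant_type") == MFA_OTP_GRANT:
        if payload.get("mfa_token") != "MFA_TOKEN_PLACEHOLDER":
            return 401, {"error": "invalid_grant", "error_description": "Malformed mfa_token"}
        if payload.get("otp") != "123456":
            return 403, {"error": "invalid_grant", "error_description": "Invalid otp_code."}
        return 200, {"access_token": "ACCESS_TOKEN_PLACEHOLDER",
                     "token_type": "Bearer", "expires_in": 86400}
    return 400, {"error": "unsupported_grant_type"}


if __name__ == "__main__":
    print(password_grant_with_mfa(fake_token_endpoint, "alice", "correct horse",
                                  lambda: "123456", "cid", "csecret"))
```

The `post` parameter takes any callable that returns (status, json_body), so a real HTTPS client can be dropped in where the stand-in is used here.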
