Hi @khushbu,
Welcome back to the Auth0 Community
Unfortunately calling the mfa/authenticators endpoint from a front-end application is not feasible at the moment, since there is a backlog item that our engineers are still working on, so indeed calling it from a back-end is the solution at the moment.
When it comes to your call to the /mfa/associate please make sure that the audience passed in the request is associated with your canonical domain and not your custom domain, so the correct audience would be: YOUR_TENANT.REGION.auth0.com/mfa/
You can also get around using an MFA Token by passing an Access token with enrollment scope to the “mfa/associate” endpoint, as suggested in this community topic as well - Mfa association mfa-api with access token vs mfa token approach.
Thank you, and if you have further questions please let me know!
Best regards,
Remus