Hi there.
I’m using a device code authorization (oauth/device/code) to allow log in to my application.
While scanning device code from a second device, I poll the tokens on the first device and can successfully retrieve them. e.g. (grant_type=urn:ietf:params:oauth:grant-type:device_code&device_code=$deviceCode&client_id=$clientId)
Now the problem is when I try to refresh the tokens, I get the MFA error.
curl --request POST --url ‘https://domain/oauth/token’ --header ‘content-type: application/x-www-form-urlencoded’ --data ‘grant_type=refresh_token’ –
data ‘client_id=$clientId’ --data ‘scope=openid profile email offline_access’ --data ‘refresh_token=$refreshToken’
{“error”:“mfa_required”,“error_description”:“Multifactor authentication required”,“mfa_token”:“blahblahblah”}
Could you please advice what I might be missing in order to successfully refresh the tokens?
Auth0 I’m running on is an Android native application.
Thank you.