We are implementing MFA via SMS but would like to have everything happen on our application instead of using the Auth0 guardian widget.
I noticed there are sufficient public APIs for sending the MFA challenge and verifying the code, but I cannot find any API for enrolling a device on the initial setup. I looked at the network calls from the widget and saw that there is a call to this endpoint (https://{{tenant}}.guardian.auth0.com/api/device-accounts/split-up-authenticator/sms-enroll).
However, this requires an Authorization header with a token which has scopes that I can’t seem to generate. I am wondering if there is any way to enroll a device via APIs or through auth0-guardian.js.
Another option I have thought of is placing the widget page in a small iframe and then matching the domain. This would possibly allow us to send JavaScript to it and fill out and complete the form. It seems very hacky, and an API would be preferable.
Hey @ricardo.batista,
Thanks for the response and for all the information. However, it’s still not clear how I would actually submit the phone number via an API, or if that’s even possible. I understand that this endpoint provides a ticket and a URL pointing back to the widget, but is it possible to enroll a device without going through the widget?
The ticket doesn’t work on the endpoint used internally by the widget; I am missing a {{requestToken}} which is sent in an authorization header. I’m not sure how to create this or if it’s only used internally by Auth0.
Sorry for such a huge delay in response! We’re doing our best to provide you with the best developer support experience out there, but sometimes our bandwidth is not enough compared to the number of incoming questions.
Wanted to reach out to know if you still require further assistance?