Errors Obtaining MFA Token

auth0.knowledge2 · January 30, 2025, 9:18pm

Overview

Authenticating users using the Resource Owner Password Flow with Multifactor Authentication (MFA) to obtain an MFA token encounters issues when the password contains an & symbol.

If the user password has the & character at the beginning of the password, it gives the error
- missing required parameter password
If the & character is in the middle of the password, it gives us the error
- incorrect username and password

Applies To

MFA Token
Resource Owner Password Grant (ROPG)
Password

Cause

This is expected because the call does not use the correct URL encoding. If the password uses the & symbol, it must be encoded.

Solution

Research the correct way to encode the URL parameter for the language or tool used to make the request to the token endpoint.

For example, the cURL command uses the --data-urlencode method as in the provided example:

curl --request POST \

 --url 'https://YOUR_DOMAIN/oauth/token' \

 --header 'content-type: application/x-www-form-urlencoded' \

 --data grant_type=password \

 --data 'username=test@email.com' \

 --data-urlencode 'password=&Test1234!' \

 --data 'audience=API_IDENTIFIER' \

 --data scope=openid profile \

 --data 'client_id=CLIENT_ID' \

 --data 'client_secret=CLIENT_SECRET'

Topic		Replies	Views
How to request accesstoken with Resource Owner Password grant when MFA enabled Help mfa	4	3798	March 2, 2018
Mfa_token is not returning when login via Resource Owner Password post method - SOLVED Help mfa , mfa-api	0	99	July 4, 2024
Custom MFA via Actions and ROP Flow Does Not Return an mfa_token Knowledge Articles resource-owner-passw , mfa-policy , ropg , multifactor	1	238	April 26, 2024
MFA token not genarating can help any one? Help mfa , mfa-api	0	247	February 29, 2024
MFA Challenge in resource owner flow results in Unauthorized error Help mfa	9	3217	April 8, 2022

Errors Obtaining MFA Token

Overview

Applies To

Cause

Solution

Related topics