Hi @alindelbert,
Thanks for your question.
I recommend referring to our Error: Missing Refresh Token knowledge article on the error you experienced. Essentially, you might also need to pass in the scope=offline_access in your login request.
Let me quickly add that calling the getAccessTokenSilently() method with https://yourDomain.us.auth0.com/mfa/ as the audience will enforce MFA. Meaning that the user must complete MFA to get an MFA API token, as mentioned this documentation.
While you can specify a secondary audience and silently authenticate, in this specific instance, because MFA is required, the user won’t need to provide their credentials again but will still need to complete MFA.
The alternative is to use the ROPG grant flow to get an MFA API access token.
Let me know how this works for you.
Best,
Rueben