Grant type 'https://auth0.com/oauth/grant-type/mfa-otp' not allowed for the client

Hi all. I have a problem with Confirm OTP enrollment. It says
"error": "unauthorized_client", "error_description": "Grant type 'https://auth0.com/oauth/grant-type/mfa-otp' not allowed for the client.", "error_uri": "https://auth0.com/docs/clients/client-grant-types"
Also client settings. Any suggestions?

Hi there @heylexey welcome to the community!

What type of application are you working with? I’ve seen this error before when attempting to use a SPA app for example, but the settings look to be from a non-SPA app as Passwordless OTP isn’t an option for a SPA app.

Let us know!

Hi @tyf. Thank you for your answer.
Type is Regular Web Application

Thanks for confirming!

I just ran through this flow with a test Web Application of mine set to the same settings, but was unable to reproduce. I did this manually following this article.

I’m wondering if the grant_type value itself is to blame - What happens if you set the grant_type to http://auth0.com/oauth/grant-type/mfa-otp as opposed to https://auth0.com/oauth/grant-type/mfa-otp?

FWIW, I did some research and it seems this error can come up if there is a typo as well. A bit misleading given the error itself is so specific, but worth a shot!

Let us know!