Hi @richardb,
Thank you for your post and sorry for the late reply.
In order to achieve this, you can follow the ROPG with MFA flow.
Firstly, please make sure that you enable the MFA grant type for your application from Auth0 Dashboard > Applications > Advanced Settings > Grant Types.
The request made has to be similar to this:
var options = {
  method: 'POST',
  url: 'https://{yourTenantName}.us.auth0.com/oauth/token',
  headers: {'content-type': 'application/x-www-form-urlencoded'},
  data: new URLSearchParams({
    grant_type: 'password',
    username: 'user@example.com',
    password: 'pwd',
    client_id: '{yourClientId}',
    client_secret: '{yourClientSecret}',
    audience: 'https://someapi.com/api',
    scope: 'openid profile read:sample'
  })
};
Afterwards you can follow our documentation on how to Enroll and Challenge Push Authenticators.
Otherwise, your approach can get a bit trickier, so I would recommend checking out this community post.
Another option would be implementing your custom login within Actions and challenging the user for a push notification, with examples here.
I hope this helped.
Thanks,
Remus
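
The ROPG with MFA sequence from the reply above, sketched end to end as an added example (not part of the original post and not Auth0's own code): password grant, `mfa_required` handling, push challenge, then bounded polling with backoff. The `post` transport, the `fakeTenant` stand-in, the `pollMs`/`maxPolls` defaults and the `mfa_timeout` error name are assumptions made for illustration.

```javascript
// Added example, not Auth0's code. `post(path, form)` is a hypothetical transport
// returning { status, body }; wrap axios or fetch to supply it in real use.
const MFA_OOB_GRANT = 'http://auth0.com/oauth/grant-type/mfa-oob';

async function loginWithPush(post, creds, opts = {}) {
  const { maxPolls = 12, pollMs = 5000 } = opts;   // assumed defaults, tune per tenant
  const sleep = opts.sleep || (ms => new Promise(r => setTimeout(r, ms)));
  const client = { client_id: creds.client_id, client_secret: creds.client_secret };

  // 1. Password grant, the request shown in the post.
  const first = await post('/oauth/token', { grant_type: 'password', ...creds });
  if (first.status === 200) return first.body;     // no MFA demanded for this user
  if (first.body.error !== 'mfa_required') throw new Error(first.body.error);
  const mfa_token = first.body.mfa_token;          // short-lived secret; never log it

  // 2. Ask for a push (out-of-band) challenge on the enrolled authenticator.
  const ch = await post('/mfa/challenge', { ...client, mfa_token, challenge_type: 'oob' });
  if (ch.status !== 200) throw new Error(ch.body.error);

  // 3. Poll the token endpoint until the user answers; bounded, with backoff.
  let wait = pollMs;
  for (let i = 0; i < maxPolls; i++) {
    await sleep(wait);
    const r = await post('/oauth/token', {
      ...client, grant_type: MFA_OOB_GRANT, mfa_token, oob_code: ch.body.oob_code,
    });
    if (r.status === 200) return r.body;
    if (r.body.error === 'slow_down') wait *= 2;
    else if (r.body.error !== 'authorization_pending') throw new Error(r.body.error);
  }
  throw new Error('mfa_timeout');                  // local error name, not an Auth0 code
}

// Constructed stand-in for a tenant: the push is answered on the third poll.
function fakeTenant(outcome = 'approve') {
  let polls = 0;
  return async (path, form) => {
    if (path === '/mfa/challenge') return { status: 200, body: { challenge_type: 'oob', oob_code: 'OOB-constructed' } };
    if (form.grant_type === 'password') return { status: 403, body: { error: 'mfa_required', mfa_token: 'MFA-constructed' } };
    polls += 1;
    if (polls === 1) return { status: 400, body: { error: 'slow_down' } };
    if (polls < 3) return { status: 400, body: { error: 'authorization_pending' } };
    return outcome === 'approve'
      ? { status: 200, body: { access_token: 'AT-constructed', token_type: 'Bearer' } }
      : { status: 403, body: { error: 'invalid_grant' } };
  };
}
```

If the user has no push authenticator yet, the enrollment step from the documentation linked in the reply has to run before the challenge call.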