How do I implement Embedded Login using OTP (sms) and MFA?

I am having trouble setting up OTP and MFA using embedded login for our application.

Using Twillio and Auth0, I have managed to set up a phone number that sends a OTP. From here, using API calls we are able to use this OTP and get an MFA token. However, whenever I try and use this MFA token to authenticate myself/user it claims the mfa token can’t be found. I am finding the documentation very confusing and seeing several different code segments, I’m not sure if I’m using the right code or steps.

This is the order of the curl commands I’m using, which I plan to implement as API calls in my react native code but I can’t figure out if i’m doing the steps correctly:

curl --request POST \
  --url 'https://our_domain/passwordless/start' \
  --header 'content-type: application/json' \                 
  --data '{ "client_id": "our_client_id",  "connection": "sms",  "phone_number": "number", "send": "code"}'


For this curl command, I’m not sure if I’m putting the right audience and scope:

curl --request POST \
  --url 'https://our_domain/oauth/token' \
  --header 'content-type: application/json' \
  --data '{ "grant_type": "",  "client_id": "our_client_id",  "username": "phone_number",  "otp": "code",  "realm": "sms", "audience": "https://domain/api/v2/", "scope": "openid"}'

{"error":"mfa_required","error_description":"Multifactor authentication required","mfa_token":"long_string_of_characters"}
curl --request POST \
  --url 'https://our_domain/oauth/token' \
  --header 'content-type: application/x-www-form-urlencoded' \
  --data grant_type= \
  --data 'client_id=client_id' \
  --data client_secret= client_secret\
  --data mfa_token=token_given_from_last_curl_command \
  --data otp=otp

zsh: no matches found: mfa_token=the_mfa_i_got_from_last_comand

@erin1 did u able to solve the issue?

i did like this,

curl --request POST
–url ‘https://our_domain/oauth/token’
–header ‘content-type: application/x-www-form-urlencoded’
–data grant_type=
–data ‘client_id=client_id’
–data client_secret= client_secret
–data ‘mfa_token=token_given_from_last_curl_command’
–data ‘otp=otp’

wrapped mfa_token=token_given_from_last_curl_command and otp=otp in quotation markes , then it worked,