Malformed mfa_token message when trying to challenge an user with MFA

I am developing an iPhone application to demonstrate the MFA using sms factor with MFA APIs for POC. I am using the authorisation flow for getting my access token (where I get a authorisation code and redeem it for an access token)earlier to MFA implementation. From the documentation, I found out that I need an MFA_token to work with MFA APIs. I added few changes with my existing authorisation process.

I am getting an MFA Token by doing the following steps:

  1. Added scope enroll read:authenticators to authorisation endpoint( i.e. “https://<my_domain>/authorize”)
  2. Added an audience: https://<my_domain>/mfa to the authorisation endpoint
    Then I make a post request to token endpoint with authorization code to get the mfa_token. The only changes I can observe is now the access token(which I presume to be the mfa_token) is in jwt format with expire time 600 sec.

By using this access token(=mfa_token) I built a custom pages for my user for enrollment and challenging the user via sms.
I am able to enroll user, confirm enrollment using this access token. But when I challenge an user using this access token I get the following error after https://YOUR_DOMAIN/mfa/challenge call.
“error”: “invalid_grant”,
“error_description”: “Malformed mfa_token”

Can anyone please say me where I am going wrong?
Is the access token same as the MFA_Token in my case?

Thanks in Advance!

Hi, just wondering if you got anywhere with this issue? I am experiencing the exact same thing you have detailed above.

Thanks in advance.