Malformed mfa_token message when trying to challenge an user with MFA

I am developing an iPhone application to demonstrate the MFA using sms factor with MFA APIs for POC. I am using the authorisation flow for getting my access token (where I get a authorisation code and redeem it for an access token)earlier to MFA implementation. From the documentation, I found out that I need an MFA_token to work with MFA APIs. I added few changes with my existing authorisation process.

I am getting an MFA Token by doing the following steps:

  1. Added scope enroll read:authenticators to authorisation endpoint( i.e. “https://<my_domain>/authorize”)
  2. Added an audience: https://<my_domain>/mfa to the authorisation endpoint
    Then I make a post request to token endpoint with authorization code to get the mfa_token. The only changes I can observe is now the access token(which I presume to be the mfa_token) is in jwt format with expire time 600 sec.

By using this access token(=mfa_token) I built a custom pages for my user for enrollment and challenging the user via sms.
I am able to enroll user, confirm enrollment using this access token. But when I challenge an user using this access token I get the following error after https://YOUR_DOMAIN/mfa/challenge call.
{
“error”: “invalid_grant”,
“error_description”: “Malformed mfa_token”
}

Can anyone please say me where I am going wrong?
Is the access token same as the MFA_Token in my case?

Thanks in Advance!

1 Like

Hi, just wondering if you got anywhere with this issue? I am experiencing the exact same thing you have detailed above.

Thanks in advance.

Hi, I’ve been having the same issue with the same error response. The associate and confirm MFA endpoints are working but the challenge does not.

Auth0 team, please reply on this topic.

Thanks!

Anyone have any idea about this, I am getting same issue.