I am developing an iPhone application to demonstrate the MFA using sms factor with MFA APIs for POC. I am using the authorisation flow for getting my access token (where I get a authorisation code and redeem it for an access token)earlier to MFA implementation. From the documentation, I found out that I need an MFA_token to work with MFA APIs. I added few changes with my existing authorisation process.
I am getting an MFA Token by doing the following steps:
- Added scope enroll read:authenticators to authorisation endpoint( i.e. “https://<my_domain>/authorize”)
- Added an audience: https://<my_domain>/mfa to the authorisation endpoint
Then I make a post request to token endpoint with authorization code to get the mfa_token. The only changes I can observe is now the access token(which I presume to be the mfa_token) is in jwt format with expire time 600 sec.
By using this access token(=mfa_token) I built a custom pages for my user for enrollment and challenging the user via sms.
I am able to enroll user, confirm enrollment using this access token. But when I challenge an user using this access token I get the following error after https://YOUR_DOMAIN/mfa/challenge call.
“error_description”: “Malformed mfa_token”
Can anyone please say me where I am going wrong?
Is the access token same as the MFA_Token in my case?
Thanks in Advance!