MFA API associate call returns Internal Error


Hi there,

Unfortunately I’m quite stuck on this one, so I would like to get some help if possible. I’m trying to enrol a new MFA option via my NextJS application. I successfully connect to the MFA api and audience via the following call:

  const response = await auth0.passwordGrant({
    password: req.query.password as string,
    audience: '',
    scope: 'openid enroll read:authenticators remove:authenticators',

This works, I get a MFA accessToken and I’m able to, for example list the user’ authenticators via this call:

    const response = await fetch(`${baseURL}/mfa/authenticators`, {
      headers: {
        Authorization: `Bearer ${mfaToken}`,
        'content-type': 'application/json',

This works, also decoding my accessToken via shows that I’m using the correct audience and scopes:

But the call to actually enrol the authenticator fails with an “500 Internal error”.

    const response = await fetch(`${baseURL}/mfa/associate`, {
      method: 'POST',
      headers: {
        Authorization: `Bearer ${mfaToken}`,
        'Content-Type': 'application/json',
      body: JSON.stringify({

The body sent contains:

authenticator_types: [ 'otp' ],

So I’m kinda out of options for this one, also because the error is not descriptive at all and I can’t find anything about it online. So all help would be appreciated. Hopefully I did not forget anything. Thanks

1 Like