Though I have seen this interesting way to perform totp associations, this way it is a little simpler due to the fact that we do not need to have the mfa access token.
Following the documentation I obtain the desired results, but I would like to know if the approach carried out without the need for the mfa token still valid. If so, why wouldn’t it be mentioned ?
Thank you for posting your question. Both options are valid, and probably the only reason that the examples from the Knowledge Solutions are not mentioned in the Docs is that our Documentation mostly primarily focuses on the most common workflows. If that’s something that you think should be included in the Auth0 Documentation, I can talk to the Docs team and ask for details.
In complement, I would like just to mention that by following Authentication api documentation I could validate the questioned approach, everything worked as well by passing an Access token with enrollment scope to “mfa/associate” endpoint instead of a MFA Token.