Mfa association mfa-api with access token vs mfa token approach

Hello everyone,

I’m currently performing associations following the documentation guidelines:
https://auth0.com/docs/secure/multi-factor-authentication/authenticate-using-ropg-flow-with-mfa/enroll-and-challenge-otp-authenticators#enroll-authenticator

Though I have seen this interesting way to perform totp associations, this way it is a little simpler due to the fact that we do not need to have the mfa access token.

Following the documentation I obtain the desired results, but I would like to know if the approach carried out without the need for the mfa token still valid. If so, why wouldn’t it be mentioned ?

Thanks

Hi @douglasbr

Welcome to the Auth0 Community!

Thank you for posting your question. Both options are valid, and probably the only reason that the examples from the Knowledge Solutions are not mentioned in the Docs is that our Documentation mostly primarily focuses on the most common workflows. If that’s something that you think should be included in the Auth0 Documentation, I can talk to the Docs team and ask for details.

Thanks
Dawid

1 Like

@dawid.matuszczyk
Thanks for the answer, I’m glad to know that this “second option” is a possibility.
Regards !

@dawid.matuszczyk

In complement, I would like just to mention that by following Authentication api documentation I could validate the questioned approach, everything worked as well by passing an Access token with enrollment scope to “mfa/associate” endpoint instead of a MFA Token.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.