MFA Challenge 'server_error' 'Unauthorized'

I have been trying to implement a custom MFA workflow in Auth0 using the details described on this page:

I have successfully enrolled a user for MFA this way.

However, when it comes to the user disabling MFA I’ve run into some issues.

The API attempts to fetch a token and receives a response similar to this:


```json
{
  "error": "mfa_required",
  "error_description": "Multifactor authentication required",
  "mfa_token": "Fe26...Ha"
}
```


The API then fetches the enrolled authenticators and gets a response similar to this:



```
{
  id: 'sms|dev_gH5vQnpT4ijbPLz5',
  authenticator_type: 'oob',
  active: true,
  oob_channel: 'sms',
  name: 'XXXXXXXX5635'
}
```



The API then takes the correct ID and the mfa_token from above and requests a challenge as described here:

We’re using these request options:


```js
// Request options passed to the HTTP client for the challenge call
const options = {
  method: 'POST',
  url: `https://${config.auth0.domain}/mfa/challenge`,
  data: {
    client_id: config.auth0.clientId,
    client_secret: config.auth0.clientSecret,
    challenge_type: 'oob',
    authenticator_id: id,
    mfa_token: "Fe26...Ha"
  }
};
```



Someone suggested in this thread to add 'Content-Type: application/json' to the headers, which we are also doing.

We get this error:





Can anyone help?
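The three calls described in the post above (the `mfa_required` token response, the authenticator lookup, and the challenge request), written as offline request builders. This is an added example, not part of the original post: the `config` values, the sample responses and all helper names are constructed for illustration, and nothing here contacts Auth0.

```javascript
// Constructed placeholders; a real tenant domain and client credentials go here.
const config = {
  auth0: { domain: 'tenant.example.com', clientId: 'CLIENT_ID', clientSecret: 'CLIENT_SECRET' },
};

// Step 1: the token response must be the mfa_required error carrying an mfa_token.
function extractMfaToken(body) {
  if (body.error !== 'mfa_required' || !body.mfa_token) {
    throw new Error(`expected mfa_required with mfa_token, got: ${body.error}`);
  }
  return body.mfa_token;
}

// Step 2: list enrolled authenticators; the mfa_token is sent as the bearer token.
function listAuthenticatorsRequest(mfaToken) {
  const url = `https://${config.auth0.domain}/mfa/authenticators`;
  return { method: 'GET', url, headers: { Authorization: `Bearer ${mfaToken}` } };
}

// Choose an active authenticator of the wanted type (and channel, for oob).
function pickAuthenticator(list, type, channel) {
  const found = list.find(
    (a) => a.active && a.authenticator_type === type && (!channel || a.oob_channel === channel)
  );
  if (!found) throw new Error(`no active ${type} authenticator enrolled`);
  return found;
}

// Step 3: challenge_type is taken from the chosen authenticator so the two cannot disagree.
function challengeRequest(mfaToken, authenticator) {
  return {
    method: 'POST',
    url: `https://${config.auth0.domain}/mfa/challenge`,
    headers: { 'Content-Type': 'application/json' },
    data: {
      client_id: config.auth0.clientId,
      client_secret: config.auth0.clientSecret,
      challenge_type: authenticator.authenticator_type,
      authenticator_id: authenticator.id,
      mfa_token: mfaToken,
    },
  };
}

// Constructed sample responses (not real tenant data).
const sampleTokenError = { error: 'mfa_required', mfa_token: 'MFA_TOKEN_PLACEHOLDER' };
const sampleAuthenticators = [
  { id: 'sms|dev_INACTIVE', authenticator_type: 'oob', active: false, oob_channel: 'sms' },
  { id: 'sms|dev_ACTIVE', authenticator_type: 'oob', active: true, oob_channel: 'sms' },
];
```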

