MFA One Time Password - Unauthorised


I’ve created a React SPA using the ‘Create Application’ feature in getting started. I’ve enabled One-Time Password only in the MFA settings and added http://localhost:3000 to Allowed Callback URLs, Allowed Web Origins and Allowed Logout URLs in the application settings. The MFA works fine up to the point of successful authentication using Authy OTP, but when it tries to redirect to my desired ‘redirect_uri’ which is simply http://localhost:3000 a 401 is returned via /mf?provider=guardian&state=… with ‘Unauthorized’ in the top left corner.


Hello Sophia!
I would first recommend if you are using any social providers, to get the dev keys for those social providers. The auth0 dev key for social connections has severe limitations.

If you continue to experience issues, could you provide your tenant name and would it be possible to provide a HAR file in a private message? You can find instructions on how to create them here:

1 Like

Thanks Karen, I was missing the dev keys from the social provider. It’s working now

1 Like

Glad you have it working!

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.