When I use MFA with SMS and send the `binding_code` with the rest of the data, I get a 401 error:
`{ error: 'access_denied', error_description: 'Unauthorized' }`. Generally I use a `grant_type: 'http://auth0.com/oauth/grant-type/password-realm'` to log in and then do the full flow for MFA using OOB. It is at the very last step of verifying my SMS code that I get the error. I have allowed the MFA grant type for my application in Dashboard > advanced settings > grant types. I am absolutely stuck at this point.

What I send:
```javascript
// Final step of the MFA OOB flow: exchange mfa_token + oob_code + binding_code for tokens
const headers = {
  'Content-Type': 'application/x-www-form-urlencoded'
}
const options = {
  mfa_token: mfaToken,
  oob_code: oobCode,
  binding_code: bindingCode,
  grant_type: 'http://auth0.com/oauth/grant-type/mfa-oob',
  client_id: config.auth0.AUTH0_REACT_NATIVE_CLIENT_ID,
  client_secret: config.auth0.AUTH0_REACT_NATIVE_CLIENT_SECRET
};
const result = await axios.post(`https://${config.auth0.AUTH0_DOMAIN}/oauth/token`, options, {
  headers
})
```
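
The last request of the flow described above, as an added example that is not part of the original post: it assembles the `mfa-oob` token request from the two earlier responses and serializes it as a form string, so the body matches the declared `Content-Type`. The function name, the sample values and the response shapes (`mfa_required` with `mfa_token`, then a challenge response with `oob_code` and `binding_method`) are assumptions based on Auth0's MFA API, and all values are constructed placeholders.

```javascript
// Added example: builds the final /oauth/token request of the MFA OOB flow.
// buildMfaOobRequest is a hypothetical helper; every value below is a constructed placeholder.
const MFA_OOB_GRANT = 'http://auth0.com/oauth/grant-type/mfa-oob';

// mfaRequired: body of the "mfa_required" error returned by the first login call
// challenge:   body returned by POST /mfa/challenge
function buildMfaOobRequest({ domain, clientId, clientSecret }, mfaRequired, challenge, bindingCode) {
  if (mfaRequired.error !== 'mfa_required' || !mfaRequired.mfa_token) {
    throw new Error('first response carries no mfa_token');
  }
  if (challenge.challenge_type !== 'oob' || !challenge.oob_code) {
    throw new Error('challenge response carries no oob_code');
  }
  const form = new URLSearchParams({
    grant_type: MFA_OOB_GRANT,
    client_id: clientId,
    mfa_token: mfaRequired.mfa_token, // must be the token from this same login attempt
    oob_code: challenge.oob_code,     // must be the code from the latest challenge
  });
  // Only confidential clients send a secret; omit it when none is configured.
  if (clientSecret) form.set('client_secret', clientSecret);
  // With binding_method "prompt" the user types the code they received by SMS.
  if (challenge.binding_method === 'prompt') {
    if (!bindingCode) throw new Error('binding_code required for prompt binding');
    form.set('binding_code', String(bindingCode).trim());
  }
  return {
    url: `https://${domain}/oauth/token`,
    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
    body: form.toString(), // a string, so the bytes sent match the declared Content-Type
  };
}

// Constructed sample inputs
const sampleConfig = {
  domain: 'tenant.example.com',
  clientId: 'CLIENT_ID_PLACEHOLDER',
  clientSecret: 'SECRET_PLACEHOLDER',
};
const sampleMfaRequired = { error: 'mfa_required', mfa_token: 'MFA_TOKEN_PLACEHOLDER' };
const sampleChallenge = { challenge_type: 'oob', oob_code: 'OOB_CODE_PLACEHOLDER', binding_method: 'prompt' };
const sampleRequest = buildMfaOobRequest(sampleConfig, sampleMfaRequired, sampleChallenge, ' 123456 ');
console.log(sampleRequest.url);
console.log(sampleRequest.body);
```

Passing `body` as a string to the HTTP client avoids relying on the client library to convert an object into form encoding.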