MFA with custom login

Hello,

I am trying to incorporate MFA (specifically oob) into my custom login page app.

I am currently using the auth0.js SDK for login which works great.

It returns me an mfa_required 403 response and the mfa_token.

I have read numerous tutorials and tried for days now to call /mfa/challenge with no luck and only get 401 Unauthorized errors.

I have run out of options can someone please point me in the right direction? Thanks!


Hi @wesley.litton,

Welcome and thank you for posting in Auth0 Community!

If you have an access token with the enroll scope and the audience set to https://YOUR_DOMAIN/mfa/ you can use the Access Token as the mfa_token to call the /oauth/token endpoint.

  1. Call the /mfa/associate endpoint with the Access Token in the Security header.
  2. Call the /oauth/token endpoint with
  • mfa_token - Access token you used to call /mfa/associate endpoint.
  • oob_code - Received in step 1.
  • binding_code - Verification code received in the SMS.

This allows you to enroll the new number with the user profile.

Also, make sure to send client_secret in the second /oauth/token call with the verification code, and remove the binding_method field (if you have it).

Let me know how it goes. If you require any further assistance, please let me know. I will do my best to assist you.
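The three requests the reply above walks through (and the /mfa/challenge call that later replies in this thread ask about), as an added example that is not code from the original post or from Auth0. It builds each request as a (method, URL, headers, body) tuple so the exact field placement is visible: for /mfa/associate the mfa_token travels in the Authorization header as a Bearer token, while for /oauth/token and /mfa/challenge it is a body field. The endpoint paths, the mfa-oob grant type URI and the field names follow the public Auth0 MFA API documentation; the domain, client credentials, phone number, SMS code and every response returned by fake_send are constructed so the flow runs offline.

```python
"""Auth0 MFA API request shapes for OOB (SMS) enrollment and challenge.

Added example, not code from the original thread or from Auth0. Paths, the
grant type URI and field names follow the Auth0 MFA API docs; the domain,
credentials, phone number and all responses below are constructed samples.
"""
import json
from typing import Callable, Dict, Tuple

MFA_OOB_GRANT = "http://auth0.com/oauth/grant-type/mfa-oob"

# (method, url, headers, json_body)
Request = Tuple[str, str, Dict[str, str], Dict[str, object]]
Sender = Callable[[Request], Dict[str, object]]


def associate_request(domain: str, mfa_token: str, phone_number: str) -> Request:
    """POST /mfa/associate: enroll a new SMS authenticator.

    The mfa_token is sent as a Bearer token in the Authorization header. Per the
    reply above it may be an access token issued for audience
    https://{domain}/mfa/ with the enroll scope.
    """
    return (
        "POST",
        f"https://{domain}/mfa/associate",
        {"Authorization": f"Bearer {mfa_token}", "Content-Type": "application/json"},
        {"authenticator_types": ["oob"], "oob_channels": ["sms"], "phone_number": phone_number},
    )


def confirm_request(domain: str, client_id: str, client_secret: str,
                    mfa_token: str, oob_code: str, binding_code: str) -> Request:
    """POST /oauth/token with the mfa-oob grant: confirms the enrollment.

    binding_code is the code the user read from the SMS. There is no
    binding_method field in this request; that field only appears in the
    associate response.
    """
    return (
        "POST",
        f"https://{domain}/oauth/token",
        {"Content-Type": "application/json"},
        {"grant_type": MFA_OOB_GRANT, "client_id": client_id, "client_secret": client_secret,
         "mfa_token": mfa_token, "oob_code": oob_code, "binding_code": binding_code},
    )


def challenge_request(domain: str, client_id: str, client_secret: str,
                      mfa_token: str, authenticator_id: str) -> Request:
    """POST /mfa/challenge: trigger an SMS to an already-enrolled authenticator.

    Here mfa_token is a body field, not a header. The Auth0 docs describe it as
    the mfa_token returned alongside the mfa_required error at login.
    """
    return (
        "POST",
        f"https://{domain}/mfa/challenge",
        {"Content-Type": "application/json"},
        {"client_id": client_id, "client_secret": client_secret, "challenge_type": "oob",
         "authenticator_id": authenticator_id, "mfa_token": mfa_token},
    )


def enroll_sms(domain: str, client_id: str, client_secret: str, mfa_token: str,
               phone_number: str, read_sms_code: Callable[[], str], send: Sender) -> Dict[str, object]:
    """Run associate -> SMS -> /oauth/token and return the token response."""
    assoc = send(associate_request(domain, mfa_token, phone_number))
    if assoc.get("authenticator_type") != "oob" or "oob_code" not in assoc:
        raise RuntimeError(f"unexpected associate response: {assoc}")
    binding_code = read_sms_code()  # the six digits the user types in
    return send(confirm_request(domain, client_id, client_secret, mfa_token,
                                str(assoc["oob_code"]), binding_code))


def fake_send(request: Request) -> Dict[str, object]:
    """Constructed offline stand-in for the HTTP transport (sample data, not real Auth0 output)."""
    method, url, headers, body = request
    if url.endswith("/mfa/associate"):
        if not headers.get("Authorization", "").startswith("Bearer "):
            return {"error": "access_denied"}
        return {"authenticator_type": "oob", "binding_method": "prompt", "oob_channel": "sms",
                "oob_code": "SAMPLE_OOB_CODE", "recovery_codes": ["SAMPLERECOVERY"]}
    if url.endswith("/oauth/token"):
        if body.get("grant_type") != MFA_OOB_GRANT or "binding_method" in body:
            return {"error": "invalid_request"}
        return {"access_token": "sample.access.token", "token_type": "Bearer", "expires_in": 86400}
    raise RuntimeError(f"unhandled {method} {url}")


if __name__ == "__main__":
    # Hypothetical tenant and credentials; replace with your own to run against Auth0.
    result = enroll_sms("YOUR_DOMAIN", "CLIENT_ID", "CLIENT_SECRET", "MFA_TOKEN",
                        "+15555550123", lambda: "123456", fake_send)
    print(json.dumps(result, indent=2))
```

To run this against a real tenant, replace fake_send with a function that issues the HTTP request (for example with requests.request(method, url, headers=headers, json=body).json()) and keep the rest unchanged; the request builders are what the thread is debugging.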

I also came across the problem of calling the /mfa/challenge endpoint. I am using the same access token (= mfa_token) I got by setting the enroll scope and the audience to https://YOUR_DOMAIN/mfa/ while calling the /authorize endpoint, as I am using the authorisation code flow. I was able to enroll the authenticator successfully by using the access token (= mfa_token) to call the /mfa/associate and /oauth/token endpoints. But unfortunately, I am not able to call the /mfa/challenge endpoint with the same access token, and I get this response:

{
  "error": "invalid_grant",
  "error_description": "Malformed mfa_token"
}

I have been stuck on this problem for a week and it seems there is no luck for me.

Hi, I've been having the same issue. The associate and confirm MFA endpoints accept the token but the challenge endpoint does not.

Auth0 team, please reply on this topic.

Thanks!

Facing a similar issue with how to use the challenge endpoint. Please help!
