Not able to use Challenge API For MFA

Hi @devendra.khurana

Welcome to the Auth0 Community!

I’ve checked our community for similar topics, and one stands out for me → Malformed mfa_token message when trying to challenge an user with MFA - #11 by tyf

Basically, it seems that in order to get a void MFA token for /mfa/challenge, we must use ROPG.

The /authorize endpoint with the audience and scopes is not enough, since once I pass the login there, I’m already considered login and have access_token, which allows me to enroll new MFA methods, but cannot be used as MFA token for the /mfa/challenge endpoint.

Let me know if this helps you.

Thanks
Dawid