Post request to "/mfa/challenge" endpoint returns "Unauthorized" error

Sargent_D · August 24, 2020, 4:28pm

I have been trying to implement a custom MFA workflow in Auth0 using the details described in this page: Enroll and Challenge SMS and Voice Authenticators

I have successfully enrolled a user for MFA this way.

However, when I try to challenge the same user using the /mfa/challenge endpoint (as described in the link above) I get this error:

{"error":"server_error","error_description":"Unauthorized"}

At first I thought I may have typo’d something so I recreated the request and sent it again but the error is the same. I have tried this with a different MFA token as well, the result is the same.

What could be causing this? I have given all grants to my APIs. Is there any other permission required for this?

There is nothing in the logs and no documentation either.

sidharth.chaudhary · September 7, 2020, 7:43am

@Sargent_D, Posting here for general visibility as well
The issue we found during our debugging was the –header ‘Content-Type: application/json’
missing in the POST request to /mfa/challenge . It presented because this is currently missing our documentation.
https://auth0.com/docs/mfa/authenticate-with-ropg-and-mfa/enroll-challenge-sms-voice-authenticators#challenge-user-with-otp

It has been requested to be fixed in the docs.

konrad.sopala · September 7, 2020, 10:50am

Thanks for the headsup Sidharth!

system · September 22, 2020, 10:50am

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.