I have been trying to implement a custom MFA workflow in Auth0 using the details described in this page: Enroll and Challenge SMS and Voice Authenticators
I have successfully enrolled a user for MFA this way.
However, when I try to challenge the same user using the /mfa/challenge
endpoint (as described in the link above) I get this error:
{"error":"server_error","error_description":"Unauthorized"}
At first I thought I may have typo’d something so I recreated the request and sent it again but the error is the same. I have tried this with a different MFA token as well, the result is the same.
What could be causing this? I have given all grants to my APIs. Is there any other permission required for this?
There is nothing in the logs and no documentation either.