Post request to "/mfa/challenge" endpoint returns "Unauthorized" error

I have been trying to implement a custom MFA workflow in Auth0 using the details described in this page: Enroll and Challenge SMS and Voice Authenticators

I have successfully enrolled a user for MFA this way.

However, when I try to challenge the same user using the /mfa/challenge endpoint (as described in the link above) I get this error:

{"error":"server_error","error_description":"Unauthorized"}

At first I thought I may have typo’d something so I recreated the request and sent it again but the error is the same. I have tried this with a different MFA token as well, the result is the same.

What could be causing this? I have given all grants to my APIs. Is there any other permission required for this?

There is nothing in the logs and no documentation either.

@Sargent_D, Posting here for general visibility as well.
The issue we found during our debugging was the --header 'Content-Type: application/json' missing in the POST request to /mfa/challenge. It presented because this is currently missing from our documentation.
https://auth0.com/docs/mfa/authenticate-with-ropg-and-mfa/enroll-challenge-sms-voice-authenticators#challenge-user-with-otp

It has been requested to be fixed in the docs.

Thanks for the heads-up Sidharth!
