We are trying to integrate Auth0 with our existing app. For transactions, we are using MFA. Currently, when a user makes a transaction request then backend service asks for MFA (If SMS based MFA is setup then it asks existing auth service to send OTP to the user). And mobile app asks the user for the OTP received in SMS. Once backend service receives the request with OTP then it forwards it(OTP) to auth service and auth service verifies OTP. On successful verification of OTP transaction service completes the transaction.
We want to implement the same flow in Auth0. I know the recommendation is through actions and scopes. But we have a lot of consumer, first we would like to integrate Auth0 and then ask our consumers to move to the recommended way through scopes.
- is there a way to achieve our existing flow?
- Do we have any APIs that takes access_token and sends OTP to the user. and other API to verify OTP using access_token?