Skip to main content
POST
https://{yourDomain}
/
mfa
/
challenge
curl --request POST \
  --url https://{yourDomain}/mfa/challenge \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "mfa_token": "Fe26...Ha",
  "client_id": "YOUR_CLIENT_ID",
  "client_secret": "YOUR_CLIENT_SECRET",
  "challenge_type": "otp"
}
'
{
  "challenge_type": "otp"
}

Documentation Index

Fetch the complete documentation index at: https://auth0-feat-ionic-capacitor-quickstart-modernization.mintlify.app/llms.txt

Use this file to discover all available pages before exploring further.

Authorizations

Authorization
string
header
required

The access token received from the authorization server in the OAuth 2.0 flow.

Body

application/json
mfa_token
string
required

The MFA token received in the mfa_required error response from /oauth/token

client_id
string
required

Your application's Client ID

challenge_type
enum<string>
required

The type of MFA challenge to request

Available options:
otp,
oob
client_secret
string

Your application's Client Secret (required for confidential clients)

authenticator_id
string

The ID of a specific authenticator to challenge (optional, for users with multiple MFA methods enrolled)

oob_channel
enum<string>

The channel to use for OOB challenges (required when challenge_type is 'oob')

Available options:
sms,
voice,
auth0

Response

Challenge request successful

challenge_type
string

The type of challenge

oob_code
string

The OOB code to use when completing the challenge (for OOB challenges)

binding_method
string

The binding method for the OOB challenge