POST /mfa/associate

Associates or adds a new authenticator for multi-factor authentication (MFA).

If the user has active authenticators, an Access Token with the enroll scope and the audience set to https://{yourDomain}/mfa/ is required to use this endpoint. If the user has no active authenticators, you can use the mfa_token from the mfa_required error in place of an Access Token for this request.

After an authenticator is added, it must be verified. To verify the authenticator, use the response values from the /mfa/associate request in place of the values returned from the /mfa/challenge endpoint and continue with the verification flow.

A recovery_codes field is included in the response the first time an authenticator is added. You can use recovery_codes to pass multi-factor authentication as shown in Verify with recovery code above.

To access this endpoint, you must set an Access Token in the Authorization header, with the following claims:
  • scope: enroll
  • audience: https://{yourDomain}/mfa/

Parameters

client_id (string, required)
  Your application’s Client ID.

client_assertion (string)
  A JWT containing a signed assertion with your application credentials. Required when Private Key JWT is your application authentication method.

client_assertion_type (string)
  The value is urn:ietf:params:oauth:client-assertion-type:jwt-bearer. Required when Private Key JWT is the application authentication method.

client_secret (string, required)
  Your application’s Client Secret. Required when the Token Endpoint Authentication Method field in your Application Settings is Post or Basic.

authenticator_types (array, required)
  Value is an array with values ‘otp’ or ‘oob’.

oob_channels (array)
  Required if authenticator_types includes oob.

phone_number (string)
  The phone number to use for SMS or Voice. Required if oob_channels includes sms or voice.
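
The conditional parameter rules above, as an added example (not Auth0's own code): a Python helper that checks them client-side and builds the request without sending it. The function name build_associate_request, the JSON body encoding, the sample values, and the rule that only one of client_secret or client_assertion is sent are assumptions of this example.

```python
import json
import urllib.request

JWT_BEARER = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"


def build_associate_request(domain, bearer_token, client_id, authenticator_types,
                            oob_channels=None, phone_number=None,
                            client_secret=None, client_assertion=None):
    """Check the parameter rules for POST /mfa/associate; return an unsent Request."""
    types = list(authenticator_types or [])
    channels = list(oob_channels or [])
    if not client_id or not bearer_token:
        raise ValueError("client_id and an Access Token or mfa_token are required")
    if not types or any(t not in ("otp", "oob") for t in types):
        raise ValueError("authenticator_types must list 'otp' and/or 'oob'")
    body = {"client_id": client_id, "authenticator_types": types}
    if "oob" in types:
        if not channels:
            raise ValueError("oob_channels is required when authenticator_types includes oob")
        body["oob_channels"] = channels
        if {"sms", "voice"} & set(channels):
            if not phone_number:
                raise ValueError("phone_number is required for the sms and voice channels")
            body["phone_number"] = phone_number
    # Assumption of this example: one client authentication method per request.
    if client_secret and client_assertion:
        raise ValueError("send client_secret or client_assertion, not both")
    if client_assertion:  # Private Key JWT
        body["client_assertion"] = client_assertion
        body["client_assertion_type"] = JWT_BEARER
    elif client_secret:  # Post or Basic
        body["client_secret"] = client_secret
    return urllib.request.Request(
        f"https://{domain}/mfa/associate",
        data=json.dumps(body).encode("utf-8"),  # JSON body is an assumption
        method="POST",
        headers={"Authorization": f"Bearer {bearer_token}",
                 "Content-Type": "application/json"},
    )


if __name__ == "__main__":
    # Constructed sample values; nothing is sent over the network.
    req = build_associate_request("tenant.example", "constructed-mfa-token",
                                  "constructed-client-id", ["oob"],
                                  oob_channels=["sms"], phone_number="+15555550100")
    print(req.get_method(), req.full_url)
    print(json.loads(req.data))
```

Rejecting an incomplete request locally avoids a round trip that would end in the 400 response listed below, and keeps the bearer token and client credentials out of requests that cannot succeed.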

Response

Status  Description
200     Successful response for adding an authenticator.
400     Bad request due to missing or invalid parameters.
401     Unauthorized, invalid access token or mfa_token.