POST /oauth/token

Verifies multi-factor authentication (MFA) using a one-time password (OTP).

To verify MFA with an OTP, prompt the user to get the OTP code, then make a request to the /oauth/token endpoint. The request must have the OTP code, the mfa_token you received (from the mfa_required error), and the grant_type set to http://auth0.com/oauth/grant-type/mfa-otp.

The response is the same as responses for password or http://auth0.com/oauth/grant-type/password-realm grant types. Learn more at Associate OTP Authenticators.

Parameters

DPoP
string
A DPoP proof for the request. Optional; required only if your application uses Demonstrating Proof-of-Possession (DPoP).

Request Body

grant_type
string
required
Denotes the flow you are using. For OTP MFA use http://auth0.com/oauth/grant-type/mfa-otp.
client_id
string
Your application’s Client ID.
client_secret
string
Your application’s Client Secret.
mfa_token
string
required
The mfa_token you received from the mfa_required error.
otp
string
required
OTP code provided by the user.
client_assertion
string
A JWT containing a signed assertion with your application credentials.
client_assertion_type
string
The value is urn:ietf:params:oauth:client-assertion-type:jwt-bearer.

Response

Status    Description
200       OTP verification successful.
400       Invalid request, such as missing parameters or invalid OTP.
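
The request and the two documented status codes, as an added Python example that is not part of the Auth0 documentation. The tenant domain, the credential values and the helper names are assumptions made for illustration; the form-encoded body and the "error" field follow RFC 6749, and secrets are masked before anything is logged.

```python
import json
import urllib.parse
import urllib.request

GRANT_MFA_OTP = "http://auth0.com/oauth/grant-type/mfa-otp"
JWT_BEARER = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"
SENSITIVE = {"mfa_token", "otp", "client_secret", "client_assertion"}


def build_mfa_otp_request(domain, mfa_token, otp, client_id=None,
                          client_secret=None, client_assertion=None, dpop=None):
    """Return an unsent POST /oauth/token request for the mfa-otp grant."""
    otp = (otp or "").strip()
    if not mfa_token or not otp:
        raise ValueError("mfa_token and otp are required")
    fields = {"grant_type": GRANT_MFA_OTP, "mfa_token": mfa_token, "otp": otp}
    optional = {"client_id": client_id, "client_secret": client_secret}
    fields.update({k: v for k, v in optional.items() if v})
    if client_assertion:
        fields["client_assertion"] = client_assertion
        fields["client_assertion_type"] = JWT_BEARER
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    if dpop:
        headers["DPoP"] = dpop  # only when the application uses DPoP
    data = urllib.parse.urlencode(fields).encode()
    return urllib.request.Request(f"https://{domain}/oauth/token", data=data,
                                  headers=headers, method="POST")


def redact_for_log(req):
    """Form fields with secrets masked, safe to write to application logs."""
    pairs = urllib.parse.parse_qsl(req.data.decode())
    return {k: ("<redacted>" if k in SENSITIVE else v) for k, v in pairs}


def handle_response(status, body):
    """200 returns the parsed token response; any other status raises."""
    payload = json.loads(body) if body else {}
    if status == 200:
        return payload
    # "error" is the standard OAuth 2.0 error field (RFC 6749, section 5.2).
    raise PermissionError(f"MFA OTP verification failed ({status}): "
                          f"{payload.get('error', 'unknown')}")


# Constructed sample values, not real credentials or a real tenant.
req = build_mfa_otp_request("tenant.example.com", "SAMPLE_MFA_TOKEN", " 123456 ",
                            client_id="SAMPLE_CLIENT_ID", client_secret="SAMPLE_SECRET")
print(redact_for_log(req))
```

The request object is built but never sent; pass it to urllib.request.urlopen and feed the status and body to handle_response when running against a real tenant.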