Passer au contenu principal
POST
https://{yourDomain}
/
mfa
/
challenge
curl --request POST \
  --url https://{yourDomain}/mfa/challenge \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "mfa_token": "Fe26...Ha",
  "client_id": "YOUR_CLIENT_ID",
  "client_secret": "YOUR_CLIENT_SECRET",
  "challenge_type": "otp"
}
'
{
  "challenge_type": "otp"
}

Autorisations

Authorization
string
header
requis

The access token received from the authorization server in the OAuth 2.0 flow.

Corps

application/json
mfa_token
string
requis

The MFA token received in the mfa_required error response from /oauth/token

client_id
string
requis

Your application's Client ID

challenge_type
enum<string>
requis

The type of MFA challenge to request

Options disponibles:
otp,
oob
client_secret
string

Your application's Client Secret (required for confidential clients)

authenticator_id
string

The ID of a specific authenticator to challenge (optional, for users with multiple MFA methods enrolled)

oob_channel
enum<string>

The channel to use for OOB challenges (required when challenge_type is 'oob')

Options disponibles:
sms,
voice,
auth0

Réponse

Challenge request successful

challenge_type
string

The type of challenge

oob_code
string

The OOB code to use when completing the challenge (for OOB challenges)

binding_method
string

The binding method for the OOB challenge