Bind MFA Method and enable MFA
POST /oauth/mfa/bind
Basic Authorization (retrieve credentials from OAuth Application)
- Username: OAuth Client ID
- Password: OAuth Client Secret
- HTTP header:
Authorization: Basic base64(client_id:client_secret)
Headers
Content-Type: application/json
Request Body
| Key | Type | Required | Rule | Description |
|---|---|---|---|---|
| mfa_token | string | Mandatory | MFA token generated after validating ROPC credentials | |
| mfa_type | string | Mandatory | authenticator or email | User can choose authenticator or email as OTP provider, authenticator is preferred |
| otp_code | string | Mandatory | OTP generated by authenticator or email |
Expected HTTP status code
- 200 OK
Error
| Code | error | error_description |
|---|---|---|
400 | invalid_grant | Invalid Mfa token |
400 | invalid_grant | Mfa Activated |
400 | invalid_grant | Invalid Mfa Type |
400 | invalid_grant | Invalid Otp code |