Verify MFA Code
POST /oauth/mfa/verify
Basic Authorization (retrieve credentials from OAuth Application)
- Username: OAuth Client ID
- Password: OAuth Client Secret
- HTTP header:
Authorization: Basic base64(client_id:client_secret)
Headers
Content-Type: application/json
Request Body
| Key | Type | Required | Rule | Description |
|---|---|---|---|---|
| mfa_token | string | Mandatory | MFA token generated after validating ROPC credentials | |
| otp_code | string | Mandatory | One time password |
Expected HTTP status code
- 200
Response
| Name | Type | Description |
|---|---|---|
| access_token | string | Bearer access token |
| token_type | string | Always Bearer |
| expires_in | number | Token lifetime in seconds |
| refresh_token | string | Refresh token |
Error
| Code | error | error_description |
|---|---|---|
400 | invalid_grant | Invalid Mfa token |
400 | invalid_grant | Invalid or expired OTP code |