# Verify multi-factor authentication with one-time password (OTP)

> Verifies multi-factor authentication (MFA) using a one-time password (OTP).

`POST /oauth/token`

To verify MFA with an OTP, prompt the user for their OTP code, then make a request to the `/oauth/token` endpoint. The request must include the OTP code, the `mfa_token` you received (from the `mfa_required` error), and the `grant_type` set to `http://auth0.com/oauth/grant-type/mfa-otp`. The response is the same as responses for the `password` or `http://auth0.com/oauth/grant-type/password-realm` grant types. Learn more at [Associate OTP Authenticators](https://auth0.com/docs/mfa/guides/mfa-api/otp).

### Learn More

* [Associate OTP Authenticators](https://auth0.com/docs/mfa/guides/mfa-api/otp)

## Parameters

<ParamField header="DPoP" type="string">
  A DPoP proof for the request. Optional; required only if your application uses Demonstrating Proof-of-Possession (DPoP).
</ParamField>

## Request Body

<ParamField body="grant_type" type="string" required>
  Denotes the flow you are using. For OTP MFA use `http://auth0.com/oauth/grant-type/mfa-otp`.
</ParamField>

<ParamField body="client_id" type="string">
  Your application's Client ID.
</ParamField>

<ParamField body="client_secret" type="string">
  Your application's Client Secret.
</ParamField>

<ParamField body="mfa_token" type="string" required>
  The `mfa_token` you received from the `mfa_required` error.
</ParamField>

<ParamField body="otp" type="string" required>
  OTP code provided by the user.
</ParamField>

<ParamField body="client_assertion" type="string">
  A JWT containing a signed assertion with your application credentials.
</ParamField>

<ParamField body="client_assertion_type" type="string">
  The value is `urn:ietf:params:oauth:client-assertion-type:jwt-bearer`.
</ParamField>

## Response

| Status | Description                                                 |
| ------ | ----------------------------------------------------------- |
| 200    | OTP verification successful.                                |
| 400    | Invalid request, such as missing parameters or invalid OTP. |
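
The request described on this page, as an added Python example (not Auth0's own code): it assembles the header and body parameters listed above, refuses to build a request without `mfa_token` or `otp`, and masks sensitive fields before they reach a log. The function names, the form-encoded body, the HTTPS check, and the rule of one client authentication method per request are assumptions of the example, not statements from this page.

```python
import urllib.error
import urllib.parse
import urllib.request

MFA_OTP_GRANT = "http://auth0.com/oauth/grant-type/mfa-otp"
JWT_BEARER = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"
SENSITIVE = {"mfa_token", "otp", "client_secret", "client_assertion"}


def build_mfa_otp_request(mfa_token, otp, client_id=None, client_secret=None,
                          client_assertion=None, dpop_proof=None):
    """Return (headers, form) for POST /oauth/token using the OTP MFA grant."""
    if not mfa_token or not otp or not otp.strip():
        raise ValueError("mfa_token and otp are required")
    if client_secret and client_assertion:
        # RFC 6749 section 2.3: one client authentication method per request.
        raise ValueError("use client_secret or client_assertion, not both")
    form = {"grant_type": MFA_OTP_GRANT, "mfa_token": mfa_token, "otp": otp.strip()}
    if client_id:
        form["client_id"] = client_id
    if client_secret:
        form["client_secret"] = client_secret
    if client_assertion:
        form["client_assertion"] = client_assertion
        form["client_assertion_type"] = JWT_BEARER
    # Assumption: form-encoded body, the standard OAuth 2.0 token request encoding.
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    if dpop_proof:  # only when the application uses DPoP
        headers["DPoP"] = dpop_proof
    return headers, form


def redact(form):
    """Copy of the form that is safe to log: secrets and codes are masked."""
    return {k: "[redacted]" if k in SENSITIVE else v for k, v in form.items()}


def verify_otp(token_url, headers, form):
    """Send the request; returns (status, body_text). 200 = verified, 400 = rejected."""
    if not token_url.startswith("https://"):
        raise ValueError("token endpoint must use https")
    body = urllib.parse.urlencode(form).encode("ascii")
    req = urllib.request.Request(token_url, data=body, headers=headers, method="POST")
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, resp.read().decode("utf-8")
    except urllib.error.HTTPError as err:  # e.g. 400: missing parameter or invalid OTP
        return err.code, err.read().decode("utf-8")
```

Log `redact(form)` rather than `form`: the `mfa_token`, the OTP, and the client credentials are all usable by anyone who reads them from a log.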
