> ## Documentation Index
> Fetch the complete documentation index at: https://docs-dev-fix-docs-5528-php-updates.mintlify.site/llms.txt
> Use this file to discover all available pages before exploring further.

# SMSおよび音声Authenticatorの登録とチャレンジ

> SMSや音声を認証要素として独自のMFAフローを構築する方法を説明します。

export const AuthCodeGroup = ({children, dropdown}) => {
  const [processedChildren, setProcessedChildren] = useState(children);
  useEffect(() => {
    let unsubscribe = null;
    function init() {
      unsubscribe = window.autorun(() => {
        const processChildren = node => {
          if (typeof node === "string") {
            let processedNode = node;
            for (const [key, value] of window.rootStore.variableStore.values.entries()) {
              const escapedKey = key.replaceAll(/[.*+?^${}()|[\]\\]/g, (String.raw)`\$&`);
              processedNode = processedNode.replaceAll(new RegExp(escapedKey, "g"), value);
            }
            return processedNode;
          } else if (Array.isArray(node)) {
            return node.map(processChildren);
          } else if (node && node.props && node.props.children) {
            return {
              ...node,
              props: {
                ...node.props,
                children: processChildren(node.props.children)
              }
            };
          }
          return node;
        };
        setProcessedChildren(processChildren(children));
      });
    }
    if (window.rootStore) {
      init();
    } else {
      window.addEventListener("adu:storeReady", init);
    }
    return () => {
      window.removeEventListener("adu:storeReady", init);
      unsubscribe?.();
    };
  }, [children]);
  return <CodeGroup dropdown={dropdown}>{processedChildren}</CodeGroup>;
};

export const AuthCodeBlock = ({filename, icon, language, highlight, children}) => {
  const [displayText, setDisplayText] = useState(children);
  const [copyText, setCopyText] = useState(children);
  const wrapperRef = React.useRef(null);
  useEffect(() => {
    let unsubscribe = null;
    function init() {
      if (!window.autorun || !window.rootStore) {
        return;
      }
      unsubscribe = window.autorun(() => {
        let processedChildrenForDisplay = children;
        let processedChildrenForCopy = children;
        for (const [key, value] of window.rootStore.variableStore.values.entries()) {
          const escapedKey = key.replaceAll(/[.*+?^${}()|[\]\\]/g, (String.raw)`\$&`);
          let displayValue = value;
          if (key === "{yourClientSecret}" && value !== "{yourClientSecret}") {
            displayValue = value.substring(0, 3) + "*****MASKED*****";
          }
          processedChildrenForDisplay = processedChildrenForDisplay.replaceAll(new RegExp(escapedKey, "g"), displayValue);
          processedChildrenForCopy = processedChildrenForCopy.replaceAll(new RegExp(escapedKey, "g"), value);
        }
        setDisplayText(processedChildrenForDisplay);
        setCopyText(processedChildrenForCopy);
      });
    }
    if (window.rootStore) {
      init();
    } else {
      window.addEventListener("adu:storeReady", init);
    }
    return () => {
      window.removeEventListener("adu:storeReady", init);
      unsubscribe?.();
    };
  }, [children]);
  useEffect(() => {
    if (!wrapperRef.current) return;
    const originalWriteText = navigator.clipboard.writeText.bind(navigator.clipboard);
    let isOverriding = false;
    const handleClick = e => {
      const button = e.target.closest('[data-testid="copy-code-button"]');
      if (!button || !wrapperRef.current.contains(button)) return;
      isOverriding = true;
      navigator.clipboard.writeText = text => {
        if (isOverriding) {
          isOverriding = false;
          navigator.clipboard.writeText = originalWriteText;
          return originalWriteText(copyText);
        }
        return originalWriteText(text);
      };
      setTimeout(() => {
        if (isOverriding) {
          isOverriding = false;
          navigator.clipboard.writeText = originalWriteText;
        }
      }, 100);
    };
    const wrapper = wrapperRef.current;
    wrapper.addEventListener('click', handleClick, true);
    return () => {
      wrapper.removeEventListener('click', handleClick, true);
      if (navigator.clipboard.writeText !== originalWriteText) {
        navigator.clipboard.writeText = originalWriteText;
      }
    };
  }, [copyText]);
  return <div ref={wrapperRef}>
      <CodeBlock filename={filename} icon={icon} language={language} lines highlight={highlight}>
        {displayText}
      </CodeBlock>
    </div>;
};

Auth0は、[ユニバーサルログイン](/docs/ja-jp/authenticate/login/auth0-universal-login)を使用した組み込みの<Tooltip data-tooltip-id="react-containers-DefinitionTooltip-0" href="/docs/ja-jp/glossary?term=multifactor-authentication" tip="多要素認証（MFA）: ユーザー名とパスワードに加えて、SMS経由のコードなどの要素を使用するユーザー認証プロセス。" cta="用語集の表示">MFA</Tooltip>登録と認証フローを提供します。ただし、独自のインターフェイスを作成したい場合は、[MFA API](/docs/ja-jp/secure/multi-factor-authentication/multi-factor-authentication-developer-resources/mfa-api)を使用することもできます。

## 前提条件

MFA APIを使用するには、事前にアプリケーションに対してMFAの付与タイプを有効にする必要があります。[［Auth0 Dashboard］>［Applications（アプリケーション）］>［Advanced Settings（詳細設定）］>［Grant Types（付与タイプ）］](https://manage.auth0.com/#/applications)に移動し、\*\*［MFA］\*\*を選択します。

* Dashboardまたは[Management API](/docs/api/management/v2#!/Guardian/put_factors_by_name)を使って[電話を要素として構成します](/docs/ja-jp/secure/multi-factor-authentication/multi-factor-authentication-factors/configure-sms-voice-notifications-mfa)。

## SMSまたは音声で登録する

### MFAトークンを取得する

登録をトリガーするタイミングによっては、以下のような方法で、MFA APIを使用するためのアクセストークンを取得できます。

* 認証中に登録する場合は、[「リソース所有者のパスワード付与とMFAで認証する」](/docs/ja-jp/secure/multi-factor-authentication/authenticate-using-ropg-flow-with-mfa)を参照してください。
* ユーザーがいつでも要素を登録できるようにする場合は、[「MFA要素の登録を管理する」](/docs/ja-jp/secure/multi-factor-authentication/manage-mfa-auth0-apis/manage-authenticator-factors-mfa-api)を参照してください。

### Authenticatorを登録する

ユーザーの鑑別工具を登録するには、MFA Associateエンドポイントに `POST`要求を送信します。このエンドポイントに必要なベアラートークンは、前の手順で取得したMFAトークンです。

SMSや音声で登録するには、SMSまたは音声でチャレンジできる電話番号を使って登録します。以下のパラメーターを指定してエンドポイントを呼び出します。`oob_channels`パラメーターは、ユーザーにコードを送信する方法（SMSまたは音声）を指定します。

<AuthCodeGroup>
  ````bash cURL theme={null}
  curl --request POST \
  --url 'https://{yourDomain}/mfa/associate' \
  --header 'authorization: Bearer {mfaToken}' \
  --header 'content-type: application/json' \
  --data '{ "authenticator_types": ["oob"], "oob_channels": ["sms"], "phone_number": "+11...9" }'
  ``` lines
  ```csharp C#
  var client = new RestClient("https://{yourDomain}/mfa/associate");
  var request = new RestRequest(Method.POST);
  request.AddHeader("authorization", "Bearer {mfaToken}");
  request.AddHeader("content-type", "application/json");
  request.AddParameter("application/json", "{ "authenticator_types": ["oob"], "oob_channels": ["sms"], "phone_number": "+11...9" }", ParameterType.RequestBody);
  IRestResponse response = client.Execute(request);
  ````

  ````go Go theme={null}
  package main
  import (
  "fmt"
  "strings"
  "net/http"
  "io/ioutil"
  )
  func main() {
  url := "https://{yourDomain}/mfa/associate"
  payload := strings.NewReader("{ "authenticator_types": ["oob"], "oob_channels": ["sms"], "phone_number": "+11...9" }")
  req, _ := http.NewRequest("POST", url, payload)
  req.Header.Add("authorization", "Bearer {mfaToken}")
  req.Header.Add("content-type", "application/json")
  res, _ := http.DefaultClient.Do(req)
  defer res.Body.Close()
  body, _ := ioutil.ReadAll(res.Body)
  fmt.Println(res)
  fmt.Println(string(body))
  }
  ``` lines
  ```java Java
  HttpResponse response = Unirest.post("https://{yourDomain}/mfa/associate")
  .header("authorization", "Bearer {mfaToken}")
  .header("content-type", "application/json")
  .body("{ "authenticator_types": ["oob"], "oob_channels": ["sms"], "phone_number": "+11...9" }")
  .asString();
  ````

  ````javascript Node.JS theme={null}
  var axios = require("axios").default;
  var options = {
  method: 'POST',
  url: 'https://{yourDomain}/mfa/associate',
  headers: {authorization: 'Bearer {mfaToken}', 'content-type': 'application/json'},
  data: {authenticator_types: ['oob'], oob_channels: ['sms'], phone_number: '+11...9'}
  };
  axios.request(options).then(function (response) {
  console.log(response.data);
  }).catch(function (error) {
  console.error(error);
  });
  ``` lines
  ```objc Obj-C
  #import 
  NSDictionary \*headers = @{ @"authorization": @"Bearer {mfaToken}",
  @"content-type": @"application/json" };
  NSDictionary \*parameters = @{ @"authenticator_types": @[ @"oob" ],
  @"oob_channels": @[ @"sms" ],
  @"phone_number": @"+11...9" };
  NSData \*postData = [NSJSONSerialization dataWithJSONObject:parameters options:0 error:nil];
  NSMutableURLRequest \*request = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:@"https://{yourDomain}/mfa/associate"]
  cachePolicy:NSURLRequestUseProtocolCachePolicy
  timeoutInterval:10.0];
  [request setHTTPMethod:@"POST"];
  [request setAllHTTPHeaderFields:headers];
  [request setHTTPBody:postData];
  NSURLSession \*session = [NSURLSession sharedSession];
  NSURLSessionDataTask \*dataTask = [session dataTaskWithRequest:request
  completionHandler:^(NSData \*data, NSURLResponse \*response, NSError \*error) {
  if (error) {
  NSLog(@"%@", error);
  } else {
  NSHTTPURLResponse \*httpResponse = (NSHTTPURLResponse \*) response;
  NSLog(@"%@", httpResponse);
  }
  }];
  [dataTask resume];
  ````

  ````php PHP theme={null}
  $curl = curl_init();
  curl_setopt_array($curl, [
  CURLOPT_URL => "https://{yourDomain}/mfa/associate",
  CURLOPT_RETURNTRANSFER => true,
  CURLOPT_ENCODING => "",
  CURLOPT_MAXREDIRS => 10,
  CURLOPT_TIMEOUT => 30,
  CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
  CURLOPT_CUSTOMREQUEST => "POST",
  CURLOPT_POSTFIELDS => "{ "authenticator_types": ["oob"], "oob_channels": ["sms"], "phone_number": "+11...9" }",
  CURLOPT_HTTPHEADER => [
  "authorization: Bearer {mfaToken}",
  "content-type: application/json"
  ],
  ]);
  $response = curl_exec($curl);
  $err = curl_error($curl);
  curl_close($curl);
  if ($err) {
  echo "cURL Error #:" . $err;
  } else {
  echo $response;
  }
  ``` lines
  ```python Python
  import http.client
  conn = http.client.HTTPSConnection("")
  payload = "{ "authenticator_types": ["oob"], "oob_channels": ["sms"], "phone_number": "+11...9" }"
  headers = {
  'authorization': "Bearer {mfaToken}",
  'content-type': "application/json"
  }
  conn.request("POST", "/{yourDomain}/mfa/associate", payload, headers)
  res = conn.getresponse()
  data = res.read()
  print(data.decode("utf-8"))
  ````

  ````ruby Ruby theme={null}
  require 'uri'
  require 'net/http'
  require 'openssl'
  url = URI("https://{yourDomain}/mfa/associate")
  http = Net::HTTP.new(url.host, url.port)
  http.use_ssl = true
  http.verify_mode = OpenSSL::SSL::VERIFY_NONE
  request = Net::HTTP::Post.new(url)
  request["authorization"] = 'Bearer {mfaToken}'
  request["content-type"] = 'application/json'
  request.body = "{ "authenticator_types": ["oob"], "oob_channels": ["sms"], "phone_number": "+11...9" }"
  response = http.request(request)
  puts response.read_body
  ``` lines
  ```swift Swift
  import Foundation
  let headers = [
  "authorization": "Bearer {mfaToken}",
  "content-type": "application/json"
  ]
  let parameters = [
  "authenticator_types": ["oob"],
  "oob_channels": ["sms"],
  "phone_number": "+11...9"
  ] as [String : Any]
  let postData = JSONSerialization.data(withJSONObject: parameters, options: [])
  let request = NSMutableURLRequest(url: NSURL(string: "https://{yourDomain}/mfa/associate")! as URL,
  cachePolicy: .useProtocolCachePolicy,
  timeoutInterval: 10.0)
  request.httpMethod = "POST"
  request.allHTTPHeaderFields = headers
  request.httpBody = postData as Data
  let session = URLSession.shared
  let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in
  if (error != nil) {
  print(error)
  } else {
  let httpResponse = response as? HTTPURLResponse
  print(httpResponse)
  }
  })
  dataTask.resume()
  ````
</AuthCodeGroup>

| パラメーター                 | 値                                                             |
| ---------------------- | ------------------------------------------------------------- |
| `authentication_types` | `[oob]`                                                       |
| `oob_channels`         | `[sms]`または`[voice]`                                           |
| `phone_number`         | `+11...9`、[E.164形式](https://en.wikipedia.org/wiki/e.164)の電話番号 |

成功すると、次のような応答を受け取ります：

```json lines theme={null}
{
  "authenticator_type": "oob",
  "binding_method": "prompt",
  "recovery_codes": [ "N3BGPZZWJ85JLCNPZBDW6QXC" ],
  "oob_channel": "sms",
  "oob_code": "ata6daXAiOi..."
}
`
```

「`User is already enrolled（ユーザーは登録済みです）`」というエラーメッセージを受け取った場合、そのユーザーはすでにMFA要素を登録済みです。このユーザーに対して別の要素を関連付ける前に、既存の要素を使ってユーザーにチャレンジする必要があります。

ユーザーが鑑別工具を初めて関連付けている場合は、応答に`recovery_codes`が含まれます。復旧コードは、ユーザーが第二の認証要素であるアカウントやデバイスにアクセスできなくなったときに、ユーザーのアカウントにアクセスするために使用されます。このコードは1回しか使用できず、必要に応じて新しいコードが生成されます。

### SMSまたは音声の登録を確定する

ユーザーは、アプリケーションに提供しなければならない6桁のコードが記載されたメッセージを受信します。

登録を完了するには、<Tooltip data-tooltip-id="react-containers-DefinitionTooltip-0" href="/docs/ja-jp/glossary?term=oath2" tip="OAuth 2.0: 認可プロトコルとワークフローを定義する認可フレームワーク。" cta="用語集の表示">OAuth</Tooltip>トークンエンドポイントに`POST`要求を行います。メッセージで受け取った値とともに、前の応答で返された`oob_code`と`binding_code`を含める必要があります。

<AuthCodeGroup>
  ````bash cURL theme={null}
  curl --request POST \
  --url 'https://{yourDomain}/oauth/token' \
  --header 'authorization: Bearer {mfaToken}' \
  --header 'content-type: application/x-www-form-urlencoded' \
  --data grant_type=http://auth0.com/oauth/grant-type/mfa-oob \
  --data 'client_id={yourClientId}' \
  --data 'client_secret={yourClientSecret}' \
  --data 'mfa_token={mfaToken}' \
  --data 'oob_code={oobCode}' \
  --data 'binding_code={userOtpCode}'
  ``` lines
  ```csharp C#
  var client = new RestClient("https://{yourDomain}/oauth/token");
  var request = new RestRequest(Method.POST);
  request.AddHeader("authorization", "Bearer {mfaToken}");
  request.AddHeader("content-type", "application/x-www-form-urlencoded");
  request.AddParameter("application/x-www-form-urlencoded", "grant_type=http%3A%2F%2Fauth0.com%2Foauth%2Fgrant-type%2Fmfa-oob&client_id={yourClientId}&client_secret=%7ByourClientSecret%7D&mfa_token=%7BmfaToken%7D&oob_code=%7BoobCode%7D&binding_code=%7BuserOtpCode%7D", ParameterType.RequestBody);
  IRestResponse response = client.Execute(request);
  ````

  ````go Go theme={null}
  package main
  import (
  "fmt"
  "strings"
  "net/http"
  "io/ioutil"
  )
  func main() {
  url := "https://{yourDomain}/oauth/token"
  payload := strings.NewReader("grant_type=http%3A%2F%2Fauth0.com%2Foauth%2Fgrant-type%2Fmfa-oob&client_id={yourClientId}&client_secret=%7ByourClientSecret%7D&mfa_token=%7BmfaToken%7D&oob_code=%7BoobCode%7D&binding_code=%7BuserOtpCode%7D")
  req, _ := http.NewRequest("POST", url, payload)
  req.Header.Add("authorization", "Bearer {mfaToken}")
  req.Header.Add("content-type", "application/x-www-form-urlencoded")
  res, _ := http.DefaultClient.Do(req)
  defer res.Body.Close()
  body, _ := ioutil.ReadAll(res.Body)
  fmt.Println(res)
  fmt.Println(string(body))
  }
  ``` lines
  ```java Java
  HttpResponse response = Unirest.post("https://{yourDomain}/oauth/token")
  .header("authorization", "Bearer {mfaToken}")
  .header("content-type", "application/x-www-form-urlencoded")
  .body("grant_type=http%3A%2F%2Fauth0.com%2Foauth%2Fgrant-type%2Fmfa-oob&client_id={yourClientId}&client_secret=%7ByourClientSecret%7D&mfa_token=%7BmfaToken%7D&oob_code=%7BoobCode%7D&binding_code=%7BuserOtpCode%7D")
  .asString();
  ````

  ````javascript Node.JS theme={null}
  var axios = require("axios").default;
  var options = {
  method: 'POST',
  url: 'https://{yourDomain}/oauth/token',
  headers: {
  authorization: 'Bearer {mfaToken}',
  'content-type': 'application/x-www-form-urlencoded'
  },
  data: new URLSearchParams({
  grant_type: 'http://auth0.com/oauth/grant-type/mfa-oob',
  client_id: '{yourClientId}',
  client_secret: '{yourClientSecret}',
  mfa_token: '{mfaToken}',
  oob_code: '{oobCode}',
  binding_code: '{userOtpCode}'
  })
  };
  axios.request(options).then(function (response) {
  console.log(response.data);
  }).catch(function (error) {
  console.error(error);
  });
  ``` lines
  ```objc Obj-C
  #import 
  NSDictionary \*headers = @{ @"authorization": @"Bearer {mfaToken}",
  @"content-type": @"application/x-www-form-urlencoded" };
  NSMutableData \*postData = [[NSMutableData alloc] initWithData:[@"grant_type=http://auth0.com/oauth/grant-type/mfa-oob" dataUsingEncoding:NSUTF8StringEncoding]];
  [postData appendData:[@"&client_id={yourClientId}" dataUsingEncoding:NSUTF8StringEncoding]];
  [postData appendData:[@"&client_secret={yourClientSecret}" dataUsingEncoding:NSUTF8StringEncoding]];
  [postData appendData:[@"&mfa_token={mfaToken}" dataUsingEncoding:NSUTF8StringEncoding]];
  [postData appendData:[@"&oob_code={oobCode}" dataUsingEncoding:NSUTF8StringEncoding]];
  [postData appendData:[@"&binding_code={userOtpCode}" dataUsingEncoding:NSUTF8StringEncoding]];
  NSMutableURLRequest \*request = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:@"https://{yourDomain}/oauth/token"]
  cachePolicy:NSURLRequestUseProtocolCachePolicy
  timeoutInterval:10.0];
  [request setHTTPMethod:@"POST"];
  [request setAllHTTPHeaderFields:headers];
  [request setHTTPBody:postData];
  NSURLSession \*session = [NSURLSession sharedSession];
  NSURLSessionDataTask \*dataTask = [session dataTaskWithRequest:request
  completionHandler:^(NSData \*data, NSURLResponse \*response, NSError \*error) {
  if (error) {
  NSLog(@"%@", error);
  } else {
  NSHTTPURLResponse \*httpResponse = (NSHTTPURLResponse \*) response;
  NSLog(@"%@", httpResponse);
  }
  }];
  [dataTask resume];
  ````

  ````php PHP theme={null}
  $curl = curl_init();
  curl_setopt_array($curl, [
  CURLOPT_URL => "https://{yourDomain}/oauth/token",
  CURLOPT_RETURNTRANSFER => true,
  CURLOPT_ENCODING => "",
  CURLOPT_MAXREDIRS => 10,
  CURLOPT_TIMEOUT => 30,
  CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
  CURLOPT_CUSTOMREQUEST => "POST",
  CURLOPT_POSTFIELDS => "grant_type=http%3A%2F%2Fauth0.com%2Foauth%2Fgrant-type%2Fmfa-oob&client_id={yourClientId}&client_secret=%7ByourClientSecret%7D&mfa_token=%7BmfaToken%7D&oob_code=%7BoobCode%7D&binding_code=%7BuserOtpCode%7D",
  CURLOPT_HTTPHEADER => [
  "authorization: Bearer {mfaToken}",
  "content-type: application/x-www-form-urlencoded"
  ],
  ]);
  $response = curl_exec($curl);
  $err = curl_error($curl);
  curl_close($curl);
  if ($err) {
  echo "cURL Error #:" . $err;
  } else {
  echo $response;
  }
  ``` lines
  ```python Python
  import http.client
  conn = http.client.HTTPSConnection("")
  payload = "grant_type=http%3A%2F%2Fauth0.com%2Foauth%2Fgrant-type%2Fmfa-oob&client_id={yourClientId}&client_secret=%7ByourClientSecret%7D&mfa_token=%7BmfaToken%7D&oob_code=%7BoobCode%7D&binding_code=%7BuserOtpCode%7D"
  headers = {
  'authorization': "Bearer {mfaToken}",
  'content-type': "application/x-www-form-urlencoded"
  }
  conn.request("POST", "/{yourDomain}/oauth/token", payload, headers)
  res = conn.getresponse()
  data = res.read()
  print(data.decode("utf-8"))
  ````

  ````ruby Ruby theme={null}
  require 'uri'
  require 'net/http'
  require 'openssl'
  url = URI("https://{yourDomain}/oauth/token")
  http = Net::HTTP.new(url.host, url.port)
  http.use_ssl = true
  http.verify_mode = OpenSSL::SSL::VERIFY_NONE
  request = Net::HTTP::Post.new(url)
  request["authorization"] = 'Bearer {mfaToken}'
  request["content-type"] = 'application/x-www-form-urlencoded'
  request.body = "grant_type=http%3A%2F%2Fauth0.com%2Foauth%2Fgrant-type%2Fmfa-oob&client_id={yourClientId}&client_secret=%7ByourClientSecret%7D&mfa_token=%7BmfaToken%7D&oob_code=%7BoobCode%7D&binding_code=%7BuserOtpCode%7D"
  response = http.request(request)
  puts response.read_body
  ``` lines
  ```swift Swift
  import Foundation
  let headers = [
  "authorization": "Bearer {mfaToken}",
  "content-type": "application/x-www-form-urlencoded"
  ]
  let postData = NSMutableData(data: "grant_type=http://auth0.com/oauth/grant-type/mfa-oob".data(using: String.Encoding.utf8)!)
  postData.append("&client_id={yourClientId}".data(using: String.Encoding.utf8)!)
  postData.append("&client_secret={yourClientSecret}".data(using: String.Encoding.utf8)!)
  postData.append("&mfa_token={mfaToken}".data(using: String.Encoding.utf8)!)
  postData.append("&oob_code={oobCode}".data(using: String.Encoding.utf8)!)
  postData.append("&binding_code={userOtpCode}".data(using: String.Encoding.utf8)!)
  let request = NSMutableURLRequest(url: NSURL(string: "https://{yourDomain}/oauth/token")! as URL,
  cachePolicy: .useProtocolCachePolicy,
  timeoutInterval: 10.0)
  request.httpMethod = "POST"
  request.allHTTPHeaderFields = headers
  request.httpBody = postData as Data
  let session = URLSession.shared
  let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in
  if (error != nil) {
  print(error)
  } else {
  let httpResponse = response as? HTTPURLResponse
  print(httpResponse)
  }
  })
  dataTask.resume()
  ````
</AuthCodeGroup>

呼び出しが成功すると、アクセストークンを含む応答が以下の形式で返されます。

```json lines theme={null}
{
  "id_token": "eyJ...i",
  "access_token": "eyJ...i",
  "expires_in": 600,
  "scope": "openid profile",
  "token_type": "Bearer"
}
```

## SMSまたは音声でチャレンジする

### MFAトークンを取得する

「[リソース所有者のパスワード付与とMFAで認証する](/docs/ja-jp/secure/multi-factor-authentication/authenticate-using-ropg-flow-with-mfa)」で説明されている手順に従ってMFAトークンを取得します。

### 登録されているAuthenticatorを取得する

ユーザーにチャレンジするには、チャレンジしたい要素の`authenticator_id`が必要です。登録された全Authenticatorの一覧は、MFA Authenticatorエンドポイントを使って表示できます：

<AuthCodeGroup>
  ````bash cURL theme={null}
  curl --request GET \
  --url 'https://{yourDomain}/mfa/authenticators' \
  --header 'authorization: Bearer MFA_TOKEN' \
  --header 'content-type: application/json'
  ``` lines
  ```csharp C#
  var client = new RestClient("https://{yourDomain}/mfa/authenticators");
  var request = new RestRequest(Method.GET);
  request.AddHeader("authorization", "Bearer MFA_TOKEN");
  request.AddHeader("content-type", "application/json");
  IRestResponse response = client.Execute(request);
  ````

  ````go Go theme={null}
  package main
  import (
  "fmt"
  "net/http"
  "io/ioutil"
  )
  func main() {
  url := "https://{yourDomain}/mfa/authenticators"
  req, _ := http.NewRequest("GET", url, nil)
  req.Header.Add("authorization", "Bearer MFA_TOKEN")
  req.Header.Add("content-type", "application/json")
  res, _ := http.DefaultClient.Do(req)
  defer res.Body.Close()
  body, _ := ioutil.ReadAll(res.Body)
  fmt.Println(res)
  fmt.Println(string(body))
  }
  ``` lines
  ```java Java
  HttpResponse response = Unirest.get("https://{yourDomain}/mfa/authenticators")
  .header("authorization", "Bearer MFA_TOKEN")
  .header("content-type", "application/json")
  .asString();
  ````

  ````javascript Node.JS theme={null}
  var axios = require("axios").default;
  var options = {
  method: 'GET',
  url: 'https://{yourDomain}/mfa/authenticators',
  headers: {authorization: 'Bearer MFA_TOKEN', 'content-type': 'application/json'}
  };
  axios.request(options).then(function (response) {
  console.log(response.data);
  }).catch(function (error) {
  console.error(error);
  });
  ``` lines
  ```objc Obj-C
  #import 
  NSDictionary \*headers = @{ @"authorization": @"Bearer MFA_TOKEN",
  @"content-type": @"application/json" };
  NSMutableURLRequest \*request = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:@"https://{yourDomain}/mfa/authenticators"]
  cachePolicy:NSURLRequestUseProtocolCachePolicy
  timeoutInterval:10.0];
  [request setHTTPMethod:@"GET"];
  [request setAllHTTPHeaderFields:headers];
  NSURLSession \*session = [NSURLSession sharedSession];
  NSURLSessionDataTask \*dataTask = [session dataTaskWithRequest:request
  completionHandler:^(NSData \*data, NSURLResponse \*response, NSError \*error) {
  if (error) {
  NSLog(@"%@", error);
  } else {
  NSHTTPURLResponse \*httpResponse = (NSHTTPURLResponse \*) response;
  NSLog(@"%@", httpResponse);
  }
  }];
  [dataTask resume];
  ````

  ````php PHP theme={null}
  $curl = curl_init();
  curl_setopt_array($curl, [
  CURLOPT_URL => "https://{yourDomain}/mfa/authenticators",
  CURLOPT_RETURNTRANSFER => true,
  CURLOPT_ENCODING => "",
  CURLOPT_MAXREDIRS => 10,
  CURLOPT_TIMEOUT => 30,
  CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
  CURLOPT_CUSTOMREQUEST => "GET",
  CURLOPT_HTTPHEADER => [
  "authorization: Bearer MFA_TOKEN",
  "content-type: application/json"
  ],
  ]);
  $response = curl_exec($curl);
  $err = curl_error($curl);
  curl_close($curl);
  if ($err) {
  echo "cURL Error #:" . $err;
  } else {
  echo $response;
  }
  ``` lines
  ```python Python
  import http.client
  conn = http.client.HTTPSConnection("")
  headers = {
  'authorization': "Bearer MFA_TOKEN",
  'content-type': "application/json"
  }
  conn.request("GET", "/{yourDomain}/mfa/authenticators", headers=headers)
  res = conn.getresponse()
  data = res.read()
  print(data.decode("utf-8"))
  ````

  ````ruby Ruby theme={null}
  require 'uri'
  require 'net/http'
  require 'openssl'
  url = URI("https://{yourDomain}/mfa/authenticators")
  http = Net::HTTP.new(url.host, url.port)
  http.use_ssl = true
  http.verify_mode = OpenSSL::SSL::VERIFY_NONE
  request = Net::HTTP::Get.new(url)
  request["authorization"] = 'Bearer MFA_TOKEN'
  request["content-type"] = 'application/json'
  response = http.request(request)
  puts response.read_body
  ``` lines
  ```swift Swift
  import Foundation
  let headers = [
  "authorization": "Bearer MFA_TOKEN",
  "content-type": "application/json"
  ]
  let request = NSMutableURLRequest(url: NSURL(string: "https://{yourDomain}/mfa/authenticators")! as URL,
  cachePolicy: .useProtocolCachePolicy,
  timeoutInterval: 10.0)
  request.httpMethod = "GET"
  request.allHTTPHeaderFields = headers
  let session = URLSession.shared
  let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in
  if (error != nil) {
  print(error)
  } else {
  let httpResponse = response as? HTTPURLResponse
  print(httpResponse)
  }
  })
  dataTask.resume()
  ````
</AuthCodeGroup>

Authenticatorのリストが以下の形式で返されます。

```json lines theme={null}
[
    {
        "id": "recovery-code|dev_O4KYL4FtcLAVRsCl",
        "authenticator_type": "recovery-code",
        "active": true
    },
    {
        "id": "sms|dev_NU1Ofuw3Cw0XCt5x",
        "authenticator_type": "oob",
        "active": true,
        "oob_channel": "sms",
        "name": "XXXXXXXX8730"
    },
        {
        "id": "voice|dev_NU1Ofuw3Cw0XCt5x",
        "authenticator_type": "oob",
        "active": true,
        "oob_channel": "voice",
        "name": "XXXXXXXX8730"
    }
]
```

### OTPを使ってユーザーにチャレンジする

メールチャレンジをトリガーするには、対応する`authenticator_id`と`mfa_token`を使ってMFAチャレンジエンドポイントを`POST`します。

<AuthCodeGroup>
  ````bash cURL theme={null}
  curl --request POST \
  --url 'https://{yourDomain}/mfa/challenge' \
  --header 'content-type: application/json' \
  --data '{ "client_id": "{yourClientId}", "client_secret": "{yourClientSecret}", "challenge_type": "oob", "authenticator_id": "sms|dev_NU1Ofuw3Cw0XCt5x", "mfa_token": "{mfaToken}" }'
  ``` lines
  ```csharp C#
  var client = new RestClient("https://{yourDomain}/mfa/challenge");
  var request = new RestRequest(Method.POST);
  request.AddHeader("content-type", "application/json");
  request.AddParameter("application/json", "{ "client_id": "{yourClientId}", "client_secret": "{yourClientSecret}", "challenge_type": "oob", "authenticator_id": "sms|dev_NU1Ofuw3Cw0XCt5x", "mfa_token": "{mfaToken}" }", ParameterType.RequestBody);
  IRestResponse response = client.Execute(request);
  ````

  ````go Go theme={null}
  package main
  import (
  "fmt"
  "strings"
  "net/http"
  "io/ioutil"
  )
  func main() {
  url := "https://{yourDomain}/mfa/challenge"
  payload := strings.NewReader("{ "client_id": "{yourClientId}", "client_secret": "{yourClientSecret}", "challenge_type": "oob", "authenticator_id": "sms|dev_NU1Ofuw3Cw0XCt5x", "mfa_token": "{mfaToken}" }")
  req, _ := http.NewRequest("POST", url, payload)
  req.Header.Add("content-type", "application/json")
  res, _ := http.DefaultClient.Do(req)
  defer res.Body.Close()
  body, _ := ioutil.ReadAll(res.Body)
  fmt.Println(res)
  fmt.Println(string(body))
  }
  ``` lines
  ```java Java
  HttpResponse response = Unirest.post("https://{yourDomain}/mfa/challenge")
  .header("content-type", "application/json")
  .body("{ "client_id": "{yourClientId}", "client_secret": "{yourClientSecret}", "challenge_type": "oob", "authenticator_id": "sms|dev_NU1Ofuw3Cw0XCt5x", "mfa_token": "{mfaToken}" }")
  .asString();
  ````

  ````javascript Node.JS theme={null}
  var axios = require("axios").default;
  var options = {
  method: 'POST',
  url: 'https://{yourDomain}/mfa/challenge',
  headers: {'content-type': 'application/json'},
  data: {
  client_id: '{yourClientId}',
  client_secret: '{yourClientSecret}',
  challenge_type: 'oob',
  authenticator_id: 'sms|dev_NU1Ofuw3Cw0XCt5x',
  mfa_token: '{mfaToken}'
  }
  };
  axios.request(options).then(function (response) {
  console.log(response.data);
  }).catch(function (error) {
  console.error(error);
  });
  ``` lines
  ```objc Obj-C
  #import 
  NSDictionary \*headers = @{ @"content-type": @"application/json" };
  NSDictionary \*parameters = @{ @"client_id": @"{yourClientId}",
  @"client_secret": @"{yourClientSecret}",
  @"challenge_type": @"oob",
  @"authenticator_id": @"sms|dev_NU1Ofuw3Cw0XCt5x",
  @"mfa_token": @"{mfaToken}" };
  NSData \*postData = [NSJSONSerialization dataWithJSONObject:parameters options:0 error:nil];
  NSMutableURLRequest \*request = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:@"https://{yourDomain}/mfa/challenge"]
  cachePolicy:NSURLRequestUseProtocolCachePolicy
  timeoutInterval:10.0];
  [request setHTTPMethod:@"POST"];
  [request setAllHTTPHeaderFields:headers];
  [request setHTTPBody:postData];
  NSURLSession \*session = [NSURLSession sharedSession];
  NSURLSessionDataTask \*dataTask = [session dataTaskWithRequest:request
  completionHandler:^(NSData \*data, NSURLResponse \*response, NSError \*error) {
  if (error) {
  NSLog(@"%@", error);
  } else {
  NSHTTPURLResponse \*httpResponse = (NSHTTPURLResponse \*) response;
  NSLog(@"%@", httpResponse);
  }
  }];
  [dataTask resume];
  ````

  ````php PHP theme={null}
  $curl = curl_init();
  curl_setopt_array($curl, [
  CURLOPT_URL => "https://{yourDomain}/mfa/challenge",
  CURLOPT_RETURNTRANSFER => true,
  CURLOPT_ENCODING => "",
  CURLOPT_MAXREDIRS => 10,
  CURLOPT_TIMEOUT => 30,
  CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
  CURLOPT_CUSTOMREQUEST => "POST",
  CURLOPT_POSTFIELDS => "{ "client_id": "{yourClientId}", "client_secret": "{yourClientSecret}", "challenge_type": "oob", "authenticator_id": "sms|dev_NU1Ofuw3Cw0XCt5x", "mfa_token": "{mfaToken}" }",
  CURLOPT_HTTPHEADER => [
  "content-type: application/json"
  ],
  ]);
  $response = curl_exec($curl);
  $err = curl_error($curl);
  curl_close($curl);
  if ($err) {
  echo "cURL Error #:" . $err;
  } else {
  echo $response;
  }
  ``` lines
  ```python Python
  import http.client
  conn = http.client.HTTPSConnection("")
  payload = "{ "client_id": "{yourClientId}", "client_secret": "{yourClientSecret}", "challenge_type": "oob", "authenticator_id": "sms|dev_NU1Ofuw3Cw0XCt5x", "mfa_token": "{mfaToken}" }"
  headers = { 'content-type': "application/json" }
  conn.request("POST", "/{yourDomain}/mfa/challenge", payload, headers)
  res = conn.getresponse()
  data = res.read()
  print(data.decode("utf-8"))
  ````

  ````ruby Ruby theme={null}
  require 'uri'
  require 'net/http'
  require 'openssl'
  url = URI("https://{yourDomain}/mfa/challenge")
  http = Net::HTTP.new(url.host, url.port)
  http.use_ssl = true
  http.verify_mode = OpenSSL::SSL::VERIFY_NONE
  request = Net::HTTP::Post.new(url)
  request["content-type"] = 'application/json'
  request.body = "{ "client_id": "{yourClientId}", "client_secret": "{yourClientSecret}", "challenge_type": "oob", "authenticator_id": "sms|dev_NU1Ofuw3Cw0XCt5x", "mfa_token": "{mfaToken}" }"
  response = http.request(request)
  puts response.read_body
  ``` lines
  ```swift Swift
  import Foundation
  let headers = ["content-type": "application/json"]
  let parameters = [
  "client_id": "{yourClientId}",
  "client_secret": "{yourClientSecret}",
  "challenge_type": "oob",
  "authenticator_id": "sms|dev_NU1Ofuw3Cw0XCt5x",
  "mfa_token": "{mfaToken}"
  ] as [String : Any]
  let postData = JSONSerialization.data(withJSONObject: parameters, options: [])
  let request = NSMutableURLRequest(url: NSURL(string: "https://{yourDomain}/mfa/challenge")! as URL,
  cachePolicy: .useProtocolCachePolicy,
  timeoutInterval: 10.0)
  request.httpMethod = "POST"
  request.allHTTPHeaderFields = headers
  request.httpBody = postData as Data
  let session = URLSession.shared
  let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in
  if (error != nil) {
  print(error)
  } else {
  let httpResponse = response as? HTTPURLResponse
  print(httpResponse)
  }
  })
  dataTask.resume()
  ````
</AuthCodeGroup>

### 受信したコードを使って認証を完了する

成功すると以下の応答を受け取ります。

```json lines theme={null}
{
  "challenge_type": "oob",
  "oob_code": "asdae35fdt5...",
  "binding_method": "prompt"
}
```

アプリケーションは、メッセージで送信した6桁のコードをユーザーに求めて、`binding_code`パラメーター内に設定する必要があります。前の呼び出しで返された`binding_code`と`oob_code`を指定して、OAuth0トークンエンドポイントでコードを検証し、トークンを取得することができます。

<AuthCodeGroup>
  ````bash cURL theme={null}
  curl --request POST \
  --url 'https://{yourDomain}/oauth/token' \
  --header 'content-type: application/x-www-form-urlencoded' \
  --data grant_type=http://auth0.com/oauth/grant-type/mfa-oob \
  --data 'client_id={yourClientId}' \
  --data 'client_secret={yourClientSecret}' \
  --data 'mfa_token={mfaToken}' \
  --data 'oob_code={oobCode}' \
  --data binding_code=USER_OTP_CODE
  ``` lines
  ```csharp C#
  var client = new RestClient("https://{yourDomain}/oauth/token");
  var request = new RestRequest(Method.POST);
  request.AddHeader("content-type", "application/x-www-form-urlencoded");
  request.AddParameter("application/x-www-form-urlencoded", "grant_type=http%3A%2F%2Fauth0.com%2Foauth%2Fgrant-type%2Fmfa-oob&client_id={yourClientId}&client_secret=%7ByourClientSecret%7D&mfa_token=%7BmfaToken%7D&oob_code=%7BoobCode%7D&binding_code=USER_OTP_CODE", ParameterType.RequestBody);
  IRestResponse response = client.Execute(request);
  ````

  ````go Go theme={null}
  package main
  import (
  "fmt"
  "strings"
  "net/http"
  "io/ioutil"
  )
  func main() {
  url := "https://{yourDomain}/oauth/token"
  payload := strings.NewReader("grant_type=http%3A%2F%2Fauth0.com%2Foauth%2Fgrant-type%2Fmfa-oob&client_id={yourClientId}&client_secret=%7ByourClientSecret%7D&mfa_token=%7BmfaToken%7D&oob_code=%7BoobCode%7D&binding_code=USER_OTP_CODE")
  req, _ := http.NewRequest("POST", url, payload)
  req.Header.Add("content-type", "application/x-www-form-urlencoded")
  res, _ := http.DefaultClient.Do(req)
  defer res.Body.Close()
  body, _ := ioutil.ReadAll(res.Body)
  fmt.Println(res)
  fmt.Println(string(body))
  }
  ``` lines
  ```java Java
  HttpResponse response = Unirest.post("https://{yourDomain}/oauth/token")
  .header("content-type", "application/x-www-form-urlencoded")
  .body("grant_type=http%3A%2F%2Fauth0.com%2Foauth%2Fgrant-type%2Fmfa-oob&client_id={yourClientId}&client_secret=%7ByourClientSecret%7D&mfa_token=%7BmfaToken%7D&oob_code=%7BoobCode%7D&binding_code=USER_OTP_CODE")
  .asString();
  ````

  ````javascript Node.JS theme={null}
  var axios = require("axios").default;
  var options = {
  method: 'POST',
  url: 'https://{yourDomain}/oauth/token',
  headers: {'content-type': 'application/x-www-form-urlencoded'},
  data: new URLSearchParams({
  grant_type: 'http://auth0.com/oauth/grant-type/mfa-oob',
  client_id: '{yourClientId}',
  client_secret: '{yourClientSecret}',
  mfa_token: '{mfaToken}',
  oob_code: '{oobCode}',
  binding_code: 'USER_OTP_CODE'
  })
  };
  axios.request(options).then(function (response) {
  console.log(response.data);
  }).catch(function (error) {
  console.error(error);
  });
  ``` lines
  ```objc Obj-C
  #import 
  NSDictionary \*headers = @{ @"content-type": @"application/x-www-form-urlencoded" };
  NSMutableData \*postData = [[NSMutableData alloc] initWithData:[@"grant_type=http://auth0.com/oauth/grant-type/mfa-oob" dataUsingEncoding:NSUTF8StringEncoding]];
  [postData appendData:[@"&client_id={yourClientId}" dataUsingEncoding:NSUTF8StringEncoding]];
  [postData appendData:[@"&client_secret={yourClientSecret}" dataUsingEncoding:NSUTF8StringEncoding]];
  [postData appendData:[@"&mfa_token={mfaToken}" dataUsingEncoding:NSUTF8StringEncoding]];
  [postData appendData:[@"&oob_code={oobCode}" dataUsingEncoding:NSUTF8StringEncoding]];
  [postData appendData:[@"&binding_code=USER_OTP_CODE" dataUsingEncoding:NSUTF8StringEncoding]];
  NSMutableURLRequest \*request = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:@"https://{yourDomain}/oauth/token"]
  cachePolicy:NSURLRequestUseProtocolCachePolicy
  timeoutInterval:10.0];
  [request setHTTPMethod:@"POST"];
  [request setAllHTTPHeaderFields:headers];
  [request setHTTPBody:postData];
  NSURLSession \*session = [NSURLSession sharedSession];
  NSURLSessionDataTask \*dataTask = [session dataTaskWithRequest:request
  completionHandler:^(NSData \*data, NSURLResponse \*response, NSError \*error) {
  if (error) {
  NSLog(@"%@", error);
  } else {
  NSHTTPURLResponse \*httpResponse = (NSHTTPURLResponse \*) response;
  NSLog(@"%@", httpResponse);
  }
  }];
  [dataTask resume];
  ````

  ````php PHP theme={null}
  $curl = curl_init();
  curl_setopt_array($curl, [
  CURLOPT_URL => "https://{yourDomain}/oauth/token",
  CURLOPT_RETURNTRANSFER => true,
  CURLOPT_ENCODING => "",
  CURLOPT_MAXREDIRS => 10,
  CURLOPT_TIMEOUT => 30,
  CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
  CURLOPT_CUSTOMREQUEST => "POST",
  CURLOPT_POSTFIELDS => "grant_type=http%3A%2F%2Fauth0.com%2Foauth%2Fgrant-type%2Fmfa-oob&client_id={yourClientId}&client_secret=%7ByourClientSecret%7D&mfa_token=%7BmfaToken%7D&oob_code=%7BoobCode%7D&binding_code=USER_OTP_CODE",
  CURLOPT_HTTPHEADER => [
  "content-type: application/x-www-form-urlencoded"
  ],
  ]);
  $response = curl_exec($curl);
  $err = curl_error($curl);
  curl_close($curl);
  if ($err) {
  echo "cURL Error #:" . $err;
  } else {
  echo $response;
  }
  ``` lines
  ```python Python
  import http.client
  conn = http.client.HTTPSConnection("")
  payload = "grant_type=http%3A%2F%2Fauth0.com%2Foauth%2Fgrant-type%2Fmfa-oob&client_id={yourClientId}&client_secret=%7ByourClientSecret%7D&mfa_token=%7BmfaToken%7D&oob_code=%7BoobCode%7D&binding_code=USER_OTP_CODE"
  headers = { 'content-type': "application/x-www-form-urlencoded" }
  conn.request("POST", "/{yourDomain}/oauth/token", payload, headers)
  res = conn.getresponse()
  data = res.read()
  print(data.decode("utf-8"))
  ````

  ````ruby Ruby theme={null}
  require 'uri'
  require 'net/http'
  require 'openssl'
  url = URI("https://{yourDomain}/oauth/token")
  http = Net::HTTP.new(url.host, url.port)
  http.use_ssl = true
  http.verify_mode = OpenSSL::SSL::VERIFY_NONE
  request = Net::HTTP::Post.new(url)
  request["content-type"] = 'application/x-www-form-urlencoded'
  request.body = "grant_type=http%3A%2F%2Fauth0.com%2Foauth%2Fgrant-type%2Fmfa-oob&client_id={yourClientId}&client_secret=%7ByourClientSecret%7D&mfa_token=%7BmfaToken%7D&oob_code=%7BoobCode%7D&binding_code=USER_OTP_CODE"
  response = http.request(request)
  puts response.read_body
  ``` lines
  ```swift Swift
  import Foundation
  let headers = ["content-type": "application/x-www-form-urlencoded"]
  let postData = NSMutableData(data: "grant_type=http://auth0.com/oauth/grant-type/mfa-oob".data(using: String.Encoding.utf8)!)
  postData.append("&client_id={yourClientId}".data(using: String.Encoding.utf8)!)
  postData.append("&client_secret={yourClientSecret}".data(using: String.Encoding.utf8)!)
  postData.append("&mfa_token={mfaToken}".data(using: String.Encoding.utf8)!)
  postData.append("&oob_code={oobCode}".data(using: String.Encoding.utf8)!)
  postData.append("&binding_code=USER_OTP_CODE".data(using: String.Encoding.utf8)!)
  let request = NSMutableURLRequest(url: NSURL(string: "https://{yourDomain}/oauth/token")! as URL,
  cachePolicy: .useProtocolCachePolicy,
  timeoutInterval: 10.0)
  request.httpMethod = "POST"
  request.allHTTPHeaderFields = headers
  request.httpBody = postData as Data
  let session = URLSession.shared
  let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in
  if (error != nil) {
  print(error)
  } else {
  let httpResponse = response as? HTTPURLResponse
  print(httpResponse)
  }
  })
  dataTask.resume()
  ````
</AuthCodeGroup>

呼び出しが成功すると、アクセストークンを含む応答が以下の形式で返されます：

```json lines theme={null}
{
  "id_token": "eyJ...i",
  "access_token": "eyJ...i",
  "expires_in": 600,
  "scope": "openid profile",
  "token_type": "Bearer"
}
```

\*\*注意：\*\*SMSと無効なコードの返信はレート制限の対象になります。SMSコードは10回まで送信でき、1時間ごとに1回が補充されます。無効なコードは10回まで返信でき、6分ごとに1回が補充されます。

## もっと詳しく

* [認証APIを使って認証要素を管理する](/docs/ja-jp/secure/multi-factor-authentication/manage-mfa-auth0-apis/manage-authenticator-factors-mfa-api)
* [MFAにSMSと音声通知を設定する](/docs/ja-jp/secure/multi-factor-authentication/multi-factor-authentication-factors/configure-sms-voice-notifications-mfa)
* [回復コードを使用したチャレンジ](/docs/ja-jp/secure/multi-factor-authentication/authenticate-using-ropg-flow-with-mfa/challenge-with-recovery-codes)
* [メールAuthenticatorの登録とチャレンジ](/docs/ja-jp/secure/multi-factor-authentication/authenticate-using-ropg-flow-with-mfa/enroll-and-challenge-email-authenticators)
* [OTP Authenticatorの登録とチャレンジ](/docs/ja-jp/secure/multi-factor-authentication/authenticate-using-ropg-flow-with-mfa/enroll-and-challenge-otp-authenticators)
* [プッシュAuthenticatorの登録とチャレンジ](/docs/ja-jp/secure/multi-factor-authentication/authenticate-using-ropg-flow-with-mfa/enroll-and-challenge-push-authenticators)
