no information to find about what "requestToken" is

[mdt82]

I can't find any information about requestToken required in the configuration of auth0-guardian. If using tickets there is a lot of information. But what is a requestToken and how to get it?

[santiagoaguiar]

If you are using a customized Guardian page inside auth0 (as explained here: https://auth0.com/docs/multifactor-authentication/administrator/customizing-widget) the requestToken will be available via the properties passed to the page template, and you can just pass it when building the Auth0MFAWidget.

Would that work for you?

[lukepereira]

I am also curious about this. Is there any way to generate this requestToken if I am implementing guardian device enrolment through APIs?

I noticed that I can post to https://{{ tenant }}.guardian.auth0.com/api/device-accounts/split-up-authenticator/sms-enroll, but I can't figure out how to generate the token with appropriate scopes that is sent from the widget.

Is this possible? Any help would be much appreciated. Thanks

[big-kahuna-burger]

Correct me someone if I'm wrong, but difference between the ticketId and requestToken are to distinguish 2 different flows. TicketId is what is used when you click Send Enrollment Invitation link on user details page. (There is also post_ticket on mgmt api if you don't want to click links manually).
And requestToken is with so-called "Self Initiated Mfa" flow, where multifactor is activated by a Auth0 Rule automatically instead of being sent manually via UI or Management API in a ticket form.

[desmond27]

Wow. It's been two years and still no resolution?