{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "$id": "#/components/schemas/OOB",
  "title": "OOB",
  "description": "To verify MFA using an OOB challenge, your application must make a request to /oauth/token with grant_type=http://auth0.com/oauth/grant-type/mfa-oob. Include the oob_code you received from the challenge response, as well as the mfa_token you received as part of mfa_required error.",
  "type": "object",
  "properties": {
    "grant_type": {
      "type": "string",
      "description": "Denotes the flow you are using. For OTP MFA, use http://auth0.com/oauth/grant-type/mfa-oob."
    },
    "client_id": {
      "type": "string",
      "description": "Your application's Client ID."
    },
    "client_assertion": {
      "type": "string",
      "description": "A JWT containing a signed assertion with your application credentials. Required when Private Key JWT is your application authentication method."
    },
    "client_assertion_type": {
      "type": "string",
      "description": "The value is urn:ietf:params:oauth:client-assertion-type:jwt-bearer. Required when Private Key JWT is the application authentication method."
    },
    "client_secret": {
      "type": "string",
      "description": "Your application's Client Secret. Required when the Token Endpoint Authentication Method field at your Application Settings is Post or Basic."
    },
    "mfa_token": {
      "type": "string",
      "description": "The mfa_token you received from mfa_required error."
    },
    "oob_code": {
      "type": "string",
      "description": "The oob code received from the challenge request."
    },
    "binding_code": {
      "type": "string",
      "description": "A code used to bind the side channel (used to deliver the challenge) with the main channel you are using to authenticate. This is usually an OTP-like code delivered as part of the challenge message."
    }
  }
}