diff --git a/src/main/kotlin/com/vauthenticator/server/extentions/JwtAuthenticationTokenExt.kt b/src/main/kotlin/com/vauthenticator/server/extentions/JwtAuthenticationTokenExt.kt
index f84857c5..0024b4d3 100644
--- a/src/main/kotlin/com/vauthenticator/server/extentions/JwtAuthenticationTokenExt.kt
+++ b/src/main/kotlin/com/vauthenticator/server/extentions/JwtAuthenticationTokenExt.kt
@@ -3,13 +3,19 @@ package com.vauthenticator.server.extentions
 import com.vauthenticator.server.oauth2.clientapp.ClientAppId
 import com.vauthenticator.server.oauth2.clientapp.Scope
 import com.vauthenticator.server.oauth2.clientapp.Scopes
+import org.springframework.security.core.Authentication
 import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken
 
+fun Authentication.clientAppId(): ClientAppId {
+    val authentication = this as JwtAuthenticationToken
+    return authentication.clientAppId()
+}
+
 fun JwtAuthenticationToken.clientAppId(): ClientAppId {
     val aud = this.token.claims["aud"]!!
     return try {
         ClientAppId((aud as String))
-    } catch (e : RuntimeException){
+    } catch (e: RuntimeException) {
         ClientAppId((aud as List<String>)[0])
     }
 }
diff --git a/src/main/kotlin/com/vauthenticator/server/mfa/api/MfaMethodsEnrolmentEndPoint.kt b/src/main/kotlin/com/vauthenticator/server/mfa/api/MfaMethodsEnrolmentEndPoint.kt
index a02f62d9..b4313261 100644
--- a/src/main/kotlin/com/vauthenticator/server/mfa/api/MfaMethodsEnrolmentEndPoint.kt
+++ b/src/main/kotlin/com/vauthenticator/server/mfa/api/MfaMethodsEnrolmentEndPoint.kt
@@ -1,13 +1,13 @@
 package com.vauthenticator.server.mfa.api
 
 import com.vauthenticator.server.account.repository.AccountRepository
+import com.vauthenticator.server.extentions.clientAppId
 import com.vauthenticator.server.mask.SensitiveEmailMasker
 import com.vauthenticator.server.mfa.domain.EmailMfaDevice
 import com.vauthenticator.server.mfa.domain.MfaMethod
 import com.vauthenticator.server.mfa.domain.MfaMethodsEnrollment
 import com.vauthenticator.server.mfa.domain.MfaMethodsEnrollmentAssociation
 import com.vauthenticator.server.mfa.repository.MfaAccountMethodsRepository
-import com.vauthenticator.server.oauth2.clientapp.ClientAppId
 import org.springframework.http.ResponseEntity
 import org.springframework.http.ResponseEntity.ok
 import org.springframework.security.core.Authentication
@@ -54,7 +54,7 @@ class MfaEnrolmentAssociationEndPoint(
             authentication.name,
             enrolling.mfaMethod,
             enrolling.mfaChannel,
-            ClientAppId.empty(), //todo figure out how to detect the client app
+            authentication.clientAppId(),
             true
         )
         return ok(ticketId.content)