Open
Description
Feature Description
Whenever TOTP is used as an MFA feature:
- The user will be redirected to the redirect_uri screen when they use the recovery code to log in, but they will first need to be redirected to the TOTP scanner image screen.
So after recovery codes are successfully validated, the same process repeats itself, with the user coming and logging in using TOTP as MFA.
Describe the solution you'd like
Resetting the TOTP secret key and updating the recovery codes in the database after the recovery codes have been properly validated will cause the user to be redirected to the TOTP scanner image screen the next time, when the updated recovery code and new secret will be displayed.
Describe alternatives you've considered
Additional context
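A sketch of the flow requested above, as an added example that is not code from this project: a successful recovery-code login rotates the TOTP secret, replaces every recovery code, and sends the user to the scanner screen. The `user` dict, the function names, and the screen names `totp_setup` and `denied` are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import secrets


def _hash(code):
    # Only hashes are stored; codes are 80-bit random, so a plain digest suffices.
    return hashlib.sha256(code.encode()).hexdigest()


def enroll(user, n_codes=8):
    """Issue a fresh TOTP secret and recovery codes (hypothetical storage layout)."""
    codes = [secrets.token_hex(10) for _ in range(n_codes)]
    # 160-bit secret, base32-encoded as used in otpauth:// QR codes.
    user["totp_secret"] = base64.b32encode(secrets.token_bytes(20)).decode()
    user["recovery_hashes"] = {_hash(c) for c in codes}
    user["totp_confirmed"] = False  # user must scan the new QR code first
    return codes  # shown to the user once, never stored in clear


def login_with_recovery_code(user, code):
    """Return (next_screen, new_codes); rotate everything on success."""
    candidate = _hash(code.strip().lower())
    matched = False
    for stored in user["recovery_hashes"]:
        # Check every stored hash in constant time per comparison.
        matched |= hmac.compare_digest(stored, candidate)
    if not matched:
        return "denied", None
    # Valid code: the old secret and all old codes stop working immediately,
    # and the next screen is TOTP setup rather than redirect_uri.
    return "totp_setup", enroll(user)


if __name__ == "__main__":
    account = {}
    issued = enroll(account)
    print(login_with_recovery_code(account, issued[0])[0])  # totp_setup
```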