@Moderator_1
Thank you for the reply. This is an ease-of-use question not an application working question.
Please see the following steps to reproduce the issue.
- Login as new user to the site.
- Enable TOTP
- Log out and Login as the same user
- Clicking on TOTP site shows a second login to the site asking client id and mpin.
Core issue: UX issue Why are you asking me for a login again?
Is the user not validated on the main site?
If yes, why ask for client id and mpin here while you allow email and pass on the main site?
Hope you see the subtle question here. It works as it stands, but not smooth.