I would like to setup 2FA with two user types:
- Users that have hardware keys (YubiKey 5) and
- Users that use TOTP on cell phones
If user has Yubikey set-up after logging in with username and password first, it would need to use Yubikey to confirm login, however if it does not have hadrware token, it should use OTP from mobile phone.
Is this possible ? What I tried so far does not seem to work as expected - I cannot figure out how to conditionally trigger WebAuthn (if that should be used for Yubikey), only if it is configured. I managed to set up separately either TOTP or YubiKey login to work - that is not a problem at all.
This is how it looks now in my flow:
