Custom password reset flow / custom OTP implementation

For a specific use case I need to be able to reset a password using a 6-digit OTP instead of an action-token-link.
The term OTP is here not a 2nd factor, it is the only factor identifying the user.
I have already created a modified password reset flow, implemented authenticators to send out email with a new OTP (and store it as a credential for the user) instead of the link and also built a new endpoint that accepts the OTP, verifies it and its validity and resets the password.
I do not like the custom endpoint. I would like to have the user read the email, take the OTP and enter it into a standard form presented by a custom authenticator. I even built one but I‘m not sure how to make sure that the user coming to the actiontoken endpoint without a token reach my authenticator. I configured it as „does not require known user“ but its never called.