I’ve noticed that with the TOTP configuration authentication flow, if users enter the wrong token code, the page is refreshed and a new QR code (and ‘manual entry’ option) are generated. I can foresee this being a problem as if users don’t notice that the QR code has changed, (and rescan the code), they will never enter the right code.
Is KC meant to function this way? From what I can tell, a new TotpBean is created everytime the Freemaker template generates its HTML contents. Is there a way to make it display the same QR code if the user enters the wrong token? I’ve also seen it happen in the ‘Account Management’ section too.