Description
First of all, thank you for all the work you have done on this plugin. I downloaded it and tried it (I made some minor changes to the theme to accommodate our company's UI). An additional change I made was to change Authenticator Types in the Credential configured condition to be a single String value instead of a multivalued value, since we only use the 'otp' authenticator type. I configured the new conditions and the register trusted device step. I set the 2FA device registration step to be conditional. When I log into our backoffice with these settings, everything works perfectly.
Next, I configure the 2FA device. I proceed to log in again and am prompted for an OTP code. I enter the OTP code and now this new "Trust this device for X days" popup appears. I confirm it and can log into our backoffice again normally.
I log out and try logging in again. Works like a charm; I am also not prompted for an OTP code.
Now here is where it gets tricky. If I set the Browser - 2FA - Conditional OTP step in the authentication flow to REQUIRED instead of CONDITIONAL, the flow completely breaks apart.
I still get prompted for an OTP code during login and also get asked if I want to trust this device, but for some reason these two steps get flipped. So first I am asked if I want to trust the device, and only after that am I prompted for the OTP code. Further, even if I select to trust the device, it won't actually matter, since during the next login I still get prompted for an OTP code.
My question is: have you ever tried this flow with the Browser - 2FA - Conditional OTP step set to REQUIRED and managed to make it work? I have tried several different approaches but have not found a solution (as of yet). Can you maybe point me to what should be changed, OR is it even possible for this plugin to work with a REQUIRED 2FA step?
Any help would be greatly appreciated. For reference, I am using Keycloak v20.0.3.
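For reference, the flow layout the post describes as working can be expressed as a Keycloak realm-export fragment. This is an added example, not code from the issue author or from the plugin; the flow aliases `browser-2fa` and `browser-2fa forms` are assumptions, while `Browser - 2FA - Conditional OTP` is the subflow name used in the post. Only built-in Keycloak authenticators appear here (`auth-cookie`, `identity-provider-redirector`, `auth-username-password-form`, `conditional-user-configured`, `auth-otp-form`); the plugin's own trusted-device condition and register-device executions are omitted because their provider ids are not given in the post, and they would sit alongside the condition inside the same subflow. The security-relevant detail is the `"requirement": "CONDITIONAL"` on the subflow reference: in Keycloak's flow engine, condition executions are only evaluated when the enclosing subflow's requirement is CONDITIONAL, so switching that reference to REQUIRED runs the subflow's steps unconditionally regardless of what the conditions return.

```json
{
  "authenticationFlows": [
    {
      "alias": "browser-2fa",
      "description": "Browser flow with a conditional OTP subflow (added example, assumed alias)",
      "providerId": "basic-flow",
      "topLevel": true,
      "builtIn": false,
      "authenticationExecutions": [
        { "authenticator": "auth-cookie", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, "userSetupAllowed": false },
        { "authenticator": "identity-provider-redirector", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 20, "userSetupAllowed": false },
        { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 30, "flowAlias": "browser-2fa forms", "userSetupAllowed": false }
      ]
    },
    {
      "alias": "browser-2fa forms",
      "description": "Username/password followed by the conditional OTP subflow (assumed alias)",
      "providerId": "basic-flow",
      "topLevel": false,
      "builtIn": false,
      "authenticationExecutions": [
        { "authenticator": "auth-username-password-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, "userSetupAllowed": false },
        { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, "flowAlias": "Browser - 2FA - Conditional OTP", "userSetupAllowed": false }
      ]
    },
    {
      "alias": "Browser - 2FA - Conditional OTP",
      "description": "Conditions first, then the OTP form; the plugin's executions are not shown here",
      "providerId": "basic-flow",
      "topLevel": false,
      "builtIn": false,
      "authenticationExecutions": [
        { "authenticator": "conditional-user-configured", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, "userSetupAllowed": false },
        { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, "userSetupAllowed": false }
      ]
    }
  ]
}
```

To compare against a live configuration, export the realm (or just the flows) from a test realm and diff the `requirement` fields of the subflow references; a fragment like this can also be loaded into a throwaway realm with `kcadm.sh create partialImport -r <realm> -s ifResourceExists=FAIL -f flows.json` and then bound as the browser flow.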