Load email otp component as 2fa fallback
What does this MR do and why?
Allow Email OTP to be used as a fallback option for TOTP.
Part 2 for https://gitlab.com/gitlab-org/gitlab/-/issues/570174.
References
Related: https://gitlab.com/gitlab-org/gitlab/-/issues/570174
Screenshots or screen recordings
| Scenario | Reocrding | Comment |
|---|---|---|
| User failed Webauthn and is permitted to use email OTP as fallback | Screen_Recording_2025-11-06_at_1.38.05_PM | User can click links in the Webauthn footer, the 2nd link allows user to send email OTP to complete verification |
| User failed Webauthn, chooses TOTP verification instead, and is permitted to use email OTP as fallback | Screen_Recording_2025-11-06_at_1.54.41_PM | User can send OTP to email as fallback verification and complete the login process |
| User failed Webauthn but is not permitted to use email OTP as fallback | Screen_Recording_2025-11-06_at_1.42.43_PM | the send OTP to email link is not available to user as fallback for neither webauthn nor TOTP |
| User only has TOTP enabled, and is not permitted to use email OTP as fallback | Screen_Recording_2025-11-06_at_1.47.11_PM | The send OTP to email link is not available to user as fallback under the TOTP form |
| User only has TOTP enabled, and is permitted to use email OTP as fallback | Screen_Recording_2025-11-06_at_1.49.32_PM | User can send OTP to email as fallback verification and complete the login process |
How to set up and validate locally
MR acceptance checklist
Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Edited by Jennifer Li