We use B2C with email/phone MFA. I want to protect risky/sensitive actions by asking users to re-authenticate using a TOTP.
I can see example of this pattern in other services, but not B2C.
Does B2C support this flow?
https://www.descope.com/learn/post/step-up-authentication
https://auth0.com/docs/secure/multi-factor-authentication/step-up-authentication/configure-step-up-authentication-for-apis