Available MFA device is not shown properly #14941

@jrndberg

Describe the bug
If you have multiple MFA validation stages after each other, as one stage with let's say WebAuthn and TOTP, once the user passes this stage and goes to the next stage that uses for example SMS and email, the flow will remember the last MFA device the user used and show the prompt for this even though the stage does not allow that specific method.

To Reproduce
Steps to reproduce the behavior:

Configure the following flow:

Identification stage -> MFA validation stage with email or SMS -> MFA validation stage with TOTP or Webauthn, the user will now be presented with email if they used that in the previous stage, and have to manually click Change authenticator to a valid one in order to continue -> Login

Expected behavior
Show the user the only MFA option that is allowed in the current stage.

  • authentik version: 2025.4.1
  • Deployment: docker-compose
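
The device selection the report describes, next to the expected one, as an added example (not authentik's code and not part of the original report). The `Device` and `ValidationStage` classes, the function names and the stage names are hypothetical, and the sample devices are constructed to mirror the reproduction steps.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Device:
    # Hypothetical model of an enrolled authenticator; not authentik's classes.
    pk: int
    device_class: str  # e.g. "totp", "webauthn", "sms", "email"


@dataclass(frozen=True)
class ValidationStage:
    # Hypothetical stand-in for one MFA validation stage and its allowed methods.
    name: str
    allowed_classes: frozenset


def pick_prompt_as_reported(stage, devices, last_used):
    """Behaviour described in the report: the remembered device wins."""
    if last_used is not None:
        return last_used
    return next((d for d in devices if d.device_class in stage.allowed_classes), None)


def pick_prompt_expected(stage, devices, last_used):
    """Expected behaviour: only devices the current stage allows are candidates."""
    candidates = [d for d in devices if d.device_class in stage.allowed_classes]
    if last_used in candidates:
        return last_used  # remembered choice is kept only when still permitted
    return candidates[0] if candidates else None


def run_flow(stages, devices, picker):
    """Walk the stages in order and record which prompt each stage shows first."""
    shown, last_used = [], None
    for stage in stages:
        prompt = picker(stage, devices, last_used)
        shown.append((stage.name, prompt.device_class if prompt else None))
        # The user finishes on an allowed device ("Change authenticator" if needed).
        allowed = [d for d in devices if d.device_class in stage.allowed_classes]
        last_used = prompt if prompt in allowed else (allowed[0] if allowed else None)
    return shown


# Constructed sample data mirroring the flow in the reproduction steps.
DEVICES = [Device(1, "email"), Device(2, "totp")]
STAGES = [
    ValidationStage("mfa-email-sms", frozenset({"email", "sms"})),
    ValidationStage("mfa-totp-webauthn", frozenset({"totp", "webauthn"})),
]
```

Running `run_flow` with each picker makes a compact regression check: the second stage must never show a device class outside its own `allowed_classes`.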

Labels: bug (Something isn't working), bug/confirmed (Confirmed bugs)