We are trying to roll out webauthn to users in an opt-in fashion. We are attempting to do this for existing users by adding an enrollment policy to make webauthn optional. This works well for the registration flow, and we see the user is prompted after creating an account to set up optional authenticators (see screenshot).
However, if you go through this same flow with existing users, they can log in using existing authenticators but are never prompted to set up a new one. The only way we've seen so far to prompt a user for another authenticator is to make it required, but that is a problem because we don't want it to be required. It needs to be an opt-in approach.
Reproduction Steps
1. Create a user with password as a required authenticator
2. Have an authentication policy allowing FIDO / webauthn as an optional authentication factor, along with password
3. Create a FIDO2 authenticator and make it optional in the enrollment policy
4. Try to log in with the existing user who has never set up a FIDO / webauthn authenticator
Note that if the user does NOT activate their FIDO authenticator during account creation, they will never be prompted to set it up in the future on subsequent logins.
SDK Versions
System:
OS: macOS 14.5
CPU: (8) arm64 Apple M1 Pro
Memory: 77.05 MB / 32.00 GB
Shell: 5.9 - /bin/zsh
Binaries:
Node: 18.19.0 - ~/.nvm/versions/node/v18.19.0/bin/node
Yarn: 1.22.22 - ~/.nvm/versions/node/v18.19.0/bin/yarn
npm: 10.2.3 - ~/.nvm/versions/node/v18.19.0/bin/npm
pnpm: 8.6.7 - ~/.yarn/bin/pnpm
Browsers:
Chrome: 127.0.6533.89
Safari: 17.5
Additional Information
No response