diff --git a/go.mod b/go.mod
index dfc221ca36..15cd471e3e 100644
--- a/go.mod
+++ b/go.mod
@@ -27,7 +27,7 @@ require (
 	golang.org/x/sys v0.39.0
 	golang.org/x/term v0.38.0
 	google.golang.org/grpc v1.77.0
-	google.golang.org/protobuf v1.36.10
+	google.golang.org/protobuf v1.36.11
 	gopkg.in/ini.v1 v1.67.0
 	gopkg.in/yaml.v3 v3.0.1
 	gorbe.io/go/osrelease v0.3.0
diff --git a/go.sum b/go.sum
index 561b77f13c..647461bcea 100644
--- a/go.sum
+++ b/go.sum
@@ -152,8 +152,8 @@ google.golang.org/genproto/googleapis/rpc v0.0.0-20251022142026-3a174f9686a8 h1:
 google.golang.org/genproto/googleapis/rpc v0.0.0-20251022142026-3a174f9686a8/go.mod h1:7i2o+ce6H/6BluujYR+kqX3GKH+dChPTQU19wjRPiGk=
 google.golang.org/grpc v1.77.0 h1:wVVY6/8cGA6vvffn+wWK5ToddbgdU3d8MNENr4evgXM=
 google.golang.org/grpc v1.77.0/go.mod h1:z0BY1iVj0q8E1uSQCjL9cppRj+gnZjzDnzV0dHhrNig=
-google.golang.org/protobuf v1.36.10 h1:AYd7cD/uASjIL6Q9LiTjz8JLcrh/88q5UObnmY3aOOE=
-google.golang.org/protobuf v1.36.10/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco=
+google.golang.org/protobuf v1.36.11 h1:fV6ZwhNocDyBLK0dj+fg8ektcVegBBuEolpbTQyBNVE=
+google.golang.org/protobuf v1.36.11/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 h1:YR8cESwS4TdDjEe65xsg0ogRM/Nc3DYOhEAlW+xobZo=
 gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
diff --git a/pam/integration-tests/cli_test.go b/pam/integration-tests/cli_test.go
index 368848eaa9..200e5c273e 100644
--- a/pam/integration-tests/cli_test.go
+++ b/pam/integration-tests/cli_test.go
@@ -37,6 +37,7 @@ func TestCLIAuthenticate(t *testing.T) {
 		tape          string
 		tapeSettings  []tapeSetting
 		tapeVariables map[string]string
+		tapeCommand   string
 
 		clientOptions      clientOptions
 		socketPath         string
@@ -109,6 +110,10 @@ func TestCLIAuthenticate(t *testing.T) {
 		"Authenticate_user_with_mfa": {
 			tape: "mfa_auth",
 		},
+		"Authenticate_user_with_mfa_required": {
+			tape:        "mfa_auth",
+			tapeCommand: strings.Join([]string{tapeCommand, "require_mfa=true"}, " "),
+		},
 		"Authenticate_user_with_form_mode_with_button": {
 			tape: "form_with_button",
 		},
@@ -149,6 +154,13 @@ func TestCLIAuthenticate(t *testing.T) {
 				{vhsWaitTimeout, 15 * time.Second},
 			},
 		},
+		"Authenticate_user_with_qr_code_requiring_mfa_auth": {
+			tape: "qr_code",
+			clientOptions: clientOptions{
+				PamUser: examplebroker.UserIntegrationPrefix + "qr-code-require-mfa",
+			},
+			tapeCommand: strings.Join([]string{tapeCommand, "require_mfa=true"}, " "),
+		},
 		"Authenticate_user_and_reset_password_while_enforcing_policy": {
 			tape: "mandatory_password_reset",
 		},
@@ -220,6 +232,17 @@ func TestCLIAuthenticate(t *testing.T) {
 		"Deny_authentication_if_newpassword_does_not_match_required_criteria": {
 			tape: "bad_password",
 		},
+		"Deny_authentication_if_MFA_authentication_is_required_with_password": {
+			tape: "simple_auth",
+			tapeVariables: map[string]string{
+				vhsTapeUserVariable: vhsTestUserName(t, "simple-mfa-required"),
+			},
+			tapeCommand: strings.Join([]string{tapeCommand, "require_mfa=true"}, " "),
+		},
+		"Deny_authentication_if_MFA_authentication_is_required_with_password_reset": {
+			tape:        "mandatory_password_reset",
+			tapeCommand: strings.Join([]string{tapeCommand, "require_mfa=true"}, " "),
+		},
 
 		"Exit_authd_if_local_broker_is_selected": {
 			tape:         "local_broker",
@@ -282,8 +305,12 @@ func TestCLIAuthenticate(t *testing.T) {
 				socketPath = tc.socketPath
 			}
 
+			if tc.tapeCommand == "" {
+				tc.tapeCommand = tapeCommand
+			}
+
 			td := newTapeData(tc.tape, outDir, tc.tapeSettings...)
-			td.Command = tapeCommand
+			td.Command = tc.tapeCommand
 			td.Variables = tc.tapeVariables
 			td.Env[vhsTapeSocketVariable] = socketPath
 			td.Env["AUTHD_TEST_PID_FILE"] = pidFile
diff --git a/pam/integration-tests/native_test.go b/pam/integration-tests/native_test.go
index 1220177424..1af631bbad 100644
--- a/pam/integration-tests/native_test.go
+++ b/pam/integration-tests/native_test.go
@@ -121,6 +121,14 @@ func TestNativeAuthenticate(t *testing.T) {
 				PamUser: examplebroker.UserIntegrationMfaPrefix + "auth",
 			},
 		},
+		"Authenticate_user_with_mfa_required": {
+			tape:         "mfa_auth",
+			tapeSettings: []tapeSetting{{vhsHeight, 1200}},
+			clientOptions: clientOptions{
+				PamUser: examplebroker.UserIntegrationMfaPrefix + "auth-mfa-required",
+			},
+			tapeCommand: strings.Join([]string{tapeCommand, "require_mfa=true"}, " "),
+		},
 		"Authenticate_user_with_form_mode_with_button": {
 			tape:         "form_with_button",
 			tapeSettings: []tapeSetting{{vhsHeight, 700}},
@@ -199,6 +207,15 @@ func TestNativeAuthenticate(t *testing.T) {
 				PamServiceName: "sshd",
 			},
 		},
+		"Authenticate_user_with_qr_code_requiring_mfa_auth": {
+			tape:         "qr_code",
+			tapeSettings: []tapeSetting{{vhsHeight, 3000}},
+			tapeVariables: map[string]string{
+				"AUTHD_QRCODE_TAPE_ITEM":      "7",
+				"AUTHD_QRCODE_TAPE_ITEM_NAME": "QR code",
+			},
+			tapeCommand: strings.Join([]string{tapeCommand, "require_mfa=true"}, " "),
+		},
 		"Authenticate_user_and_reset_password_while_enforcing_policy": {
 			tape:         "mandatory_password_reset",
 			tapeSettings: []tapeSetting{{vhsHeight, 550}},
@@ -361,6 +378,18 @@ func TestNativeAuthenticate(t *testing.T) {
 				PamUser: examplebroker.UserIntegrationNeedsResetPrefix + "bad-password",
 			},
 		},
+		"Deny_authentication_if_MFA_authentication_is_required_with_password": {
+			tape:        "simple_auth",
+			tapeCommand: strings.Join([]string{tapeCommand, "require_mfa=true"}, " "),
+		},
+		"Deny_authentication_if_MFA_authentication_is_required_with_password_reset": {
+			tape:         "mandatory_password_reset",
+			tapeSettings: []tapeSetting{{vhsHeight, 550}},
+			clientOptions: clientOptions{
+				PamUser: examplebroker.UserIntegrationNeedsResetPrefix + "mandatory-mfa-required",
+			},
+			tapeCommand: strings.Join([]string{tapeCommand, "require_mfa=true"}, " "),
+		},
 
 		"Prevent_preset_user_from_switching_username": {
 			tape:         "switch_preset_username",
diff --git a/pam/integration-tests/testdata/golden/TestCLIAuthenticate/Authenticate_user_with_mfa_required b/pam/integration-tests/testdata/golden/TestCLIAuthenticate/Authenticate_user_with_mfa_required
new file mode 100644
index 0000000000..1a80adb3d8
--- /dev/null
+++ b/pam/integration-tests/testdata/golden/TestCLIAuthenticate/Authenticate_user_with_mfa_required
@@ -0,0 +1,95 @@
+> ./pam_authd login socket=${AUTHD_TEST_TAPE_SOCKET} require_mfa=true
+Username: user name
+────────────────────────────────────────────────────────────────────────────────
+> ./pam_authd login socket=${AUTHD_TEST_TAPE_SOCKET} require_mfa=true
+Username: user-mfa
+────────────────────────────────────────────────────────────────────────────────
+> ./pam_authd login socket=${AUTHD_TEST_TAPE_SOCKET} require_mfa=true
+  Select your provider
+
+> 1. local
+  2. ExampleBroker
+
+  Press escape key to go back to user selection
+────────────────────────────────────────────────────────────────────────────────
+> ./pam_authd login socket=${AUTHD_TEST_TAPE_SOCKET} require_mfa=true
+Gimme your password:
+>
+
+  Press escape key to go back to select the authentication method
+────────────────────────────────────────────────────────────────────────────────
+> ./pam_authd login socket=${AUTHD_TEST_TAPE_SOCKET} require_mfa=true
+  Select your authentication method
+
+> 1. Password authentication
+  2. Send URL to user-mfa@gmail.com
+  3. Use your fido device foo
+  4. Use your phone +33...
+  5. Use your phone +1...
+  6. Use a QR code
+  7. Authentication code
+
+  Press escape key to go back to choose the provider
+────────────────────────────────────────────────────────────────────────────────
+> ./pam_authd login socket=${AUTHD_TEST_TAPE_SOCKET} require_mfa=true
+Gimme your password:
+>
+
+  Press escape key to go back to select the authentication method
+────────────────────────────────────────────────────────────────────────────────
+> ./pam_authd login socket=${AUTHD_TEST_TAPE_SOCKET} require_mfa=true
+Gimme your password:
+> ********
+
+  Press escape key to go back to select the authentication method
+────────────────────────────────────────────────────────────────────────────────
+> ./pam_authd login socket=${AUTHD_TEST_TAPE_SOCKET} require_mfa=true
+Plug your fido device and press with your thumb
+
+  Press escape key to go back to select the authentication method
+────────────────────────────────────────────────────────────────────────────────
+> ./pam_authd login socket=${AUTHD_TEST_TAPE_SOCKET} require_mfa=true
+  Select your authentication method
+
+> 1. Use your fido device foo
+  2. Use your phone +33...
+  3. Authentication code
+
+  Press escape key to go back to choose the provider
+────────────────────────────────────────────────────────────────────────────────
+> ./pam_authd login socket=${AUTHD_TEST_TAPE_SOCKET} require_mfa=true
+Plug your fido device and press with your thumb
+
+  Press escape key to go back to select the authentication method
+────────────────────────────────────────────────────────────────────────────────
+> ./pam_authd login socket=${AUTHD_TEST_TAPE_SOCKET} require_mfa=true
+Unlock your phone +33... or accept request on web interface
+
+  Press escape key to go back to select the authentication method
+────────────────────────────────────────────────────────────────────────────────
+> ./pam_authd login socket=${AUTHD_TEST_TAPE_SOCKET} require_mfa=true
+  Select your authentication method
+
+> 1. Use your phone +33...
+  2. Authentication code
+
+  Press escape key to go back to choose the provider
+────────────────────────────────────────────────────────────────────────────────
+> ./pam_authd login socket=${AUTHD_TEST_TAPE_SOCKET} require_mfa=true
+Unlock your phone +33... or accept request on web interface
+
+  Press escape key to go back to select the authentication method
+────────────────────────────────────────────────────────────────────────────────
+> ./pam_authd login socket=${AUTHD_TEST_TAPE_SOCKET} require_mfa=true
+PAM Error Message: Additional authentication factors are required
+PAM Authenticate()
+  User: "user-mfa"
+  Result: error: PAM exit code: 8
+    Insufficient credentials to access authentication data
+PAM Info Message: acct=incomplete
+PAM AcctMgmt()
+  User: "user-mfa"
+  Result: error: PAM exit code: 25
+    The return value should be ignored by PAM dispatch
+>
+────────────────────────────────────────────────────────────────────────────────
diff --git a/pam/integration-tests/testdata/golden/TestCLIAuthenticate/Authenticate_user_with_qr_code_requiring_mfa_auth b/pam/integration-tests/testdata/golden/TestCLIAuthenticate/Authenticate_user_with_qr_code_requiring_mfa_auth
new file mode 100644
index 0000000000..2deb63812c
--- /dev/null
+++ b/pam/integration-tests/testdata/golden/TestCLIAuthenticate/Authenticate_user_with_qr_code_requiring_mfa_auth
@@ -0,0 +1,171 @@
+> ./pam_authd login socket=${AUTHD_TEST_TAPE_SOCKET} require_mfa=true
+  Select your provider
+
+> 1. local
+  2. ExampleBroker
+────────────────────────────────────────────────────────────────────────────────
+> ./pam_authd login socket=${AUTHD_TEST_TAPE_SOCKET} require_mfa=true
+Gimme your password:
+>
+
+  Press escape key to go back to select the authentication method
+────────────────────────────────────────────────────────────────────────────────
+> ./pam_authd login socket=${AUTHD_TEST_TAPE_SOCKET} require_mfa=true
+  Select your authentication method
+
+> 1. Password authentication
+  2. Send URL to user-integration-qr-code-require-mfa@gmail.com
+  3. Use your fido device foo
+  4. Use your phone +33...
+  5. Use your phone +1...
+  6. Use a QR code
+  7. Authentication code
+
+  Press escape key to go back to choose the provider
+────────────────────────────────────────────────────────────────────────────────
+> ./pam_authd login socket=${AUTHD_TEST_TAPE_SOCKET} require_mfa=true
+Scan the qrcode or enter the code in the login page
+
+█████████████████████████████████
+█████████████████████████████████
+████ ▄▄▄▄▄ █  ▀▀█▄██ █ ▄▄▄▄▄ ████
+████ █   █ █▀▄██ ▄▄▄██ █   █ ████
+████ █▄▄▄█ ██▄ █ ▄ ▄▄█ █▄▄▄█ ████
+████▄▄▄▄▄▄▄█ ▀▄▀▄▀ ▀▄█▄▄▄▄▄▄▄████
+████▄█ ▄█ ▄ ▀█▄▀▀▄▄█ █▄▀█▄█ ▄████
+█████▀█▀▄ ▄ ▄▀█▀▀▀ ▀█▄▀▄▄▀▀██████
+████▄  █▀█▄▄▄██ █▀█▀█▄   █▄▄ ████
+████▀▄  ▀▄▄█ ▄▄█ ▀▄▀▀ ▀▀ █▄▄▀████
+███████▄▄█▄█  ▀▄▀▀█▀ ▄▄▄ ▄ ▄ ████
+████ ▄▄▄▄▄ █  █▄ ██▀ █▄█ █▄  ████
+████ █   █ █▀▄ ▄  ▀▀▄  ▄  ▀▀▀████
+████ █▄▄▄█ █▄█▄▄▄▄█ █  █ █ ▄█████
+████▄▄▄▄▄▄▄█▄█▄█▄█▄████▄▄▄▄▄▄████
+█████████████████████████████████
+▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
+       https://ubuntu.com
+              1337
+
+        [ Regenerate code ]
+
+  Press escape key to go back to select the authentication method
+────────────────────────────────────────────────────────────────────────────────
+> ./pam_authd login socket=${AUTHD_TEST_TAPE_SOCKET} require_mfa=true
+Scan the qrcode or enter the code in the login page
+
+█████████████████████████████████
+█████████████████████████████████
+████ ▄▄▄▄▄ █ ▄█▄▀ ████ ▄▄▄▄▄ ████
+████ █   █ █▀██▄█▄▄  █ █   █ ████
+████ █▄▄▄█ ██▀ █▄▄ ▄ █ █▄▄▄█ ████
+████▄▄▄▄▄▄▄█ ▀ ▀▄▀ ▀ █▄▄▄▄▄▄▄████
+████ █ ▄▀▄▄ █▀▄█▄▄▄█ █▄▀█▄█ ▄████
+████  █▄ ▄▄▄   ▀ ▀ ▀█▄▀▄▄▀▀██████
+████▄█▀ █▀▄█ ▀▀ █▀█▀█▄   █▄▄ ████
+████▀▄▀█▀█▄█ ▄▀█ ▀▄▀▀ ▀▀ █▄▄▀████
+███████▄▄█▄█▀██▄▀▀█▀ ▄▄▄ ▄ ▄ ████
+████ ▄▄▄▄▄ █  ▄▄ ██▀ █▄█ █▄  ████
+████ █   █ █▀█▀▄  ▀▀▄  ▄  ▀▀▀████
+████ █▄▄▄█ █▄  ▄▄▄█ █  █ █ ▄█████
+████▄▄▄▄▄▄▄█▄███▄█▄████▄▄▄▄▄▄████
+█████████████████████████████████
+▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
+       https://ubuntu.fr/
+              1338
+
+        [ Regenerate code ]
+
+  Press escape key to go back to select the authentication method
+────────────────────────────────────────────────────────────────────────────────
+> ./pam_authd login socket=${AUTHD_TEST_TAPE_SOCKET} require_mfa=true
+Scan the qrcode or enter the code in the login page
+
+█████████████████████████████████████
+█████████████████████████████████████
+████ ▄▄▄▄▄ █ ▄▄ ▀█▀ ▄▄ ▄▀█ ▄▄▄▄▄ ████
+████ █   █ █▀▀▀▄█▄▄▄▀▀██▀█ █   █ ████
+████ █▄▄▄█ ███▀▄█▄▀██▀▀ ██ █▄▄▄█ ████
+████▄▄▄▄▄▄▄█ ▀ ▀▄▀ █▄▀ ▀ █▄▄▄▄▄▄▄████
+████ █▄ █▄▄▄█▀ ▀ ▄▄▀ ▄▄ ▀█ ▀▀▄█▄ ████
+████▀▀▀█▄█▄ ▄▄█▀▄▀  ███▀▀▄▀  █▄▄▀████
+████████ █▄▀ ▄█▄█▀██▄ █ ▀▀▀██▄ ▀▀████
+████▀▄ ▄▀▄▄█▄████▀▄▀█▄▄▄ ▄▄ ▀█▄ ▄████
+█████▄▀▄▀ ▄▄█▄█  ▀███▀█▄ ▄█▀▄ ▀ █████
+████▄█ ▀ ▄▄ ▄▀█▀▀██▀▀ ▀█▄█▀▀██ ██████
+█████▄██▄█▄▄  ██▄ ▀ █▀▀  ▄▄▄   ▀▀████
+████ ▄▄▄▄▄ █ ██▀ ▄██ ▀▄▄ █▄█  █ █████
+████ █   █ █▀▀▄▄▄█ ▄▀▀██▄ ▄  ▀▄ ▄████
+████ █▄▄▄█ █▄ ▀▄██ ▄ ██ ▀█▀ ▀▀▄▀▄████
+████▄▄▄▄▄▄▄█▄▄█▄▄█▄▄▄▄█▄▄▄▄██▄█▄█████
+█████████████████████████████████████
+▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
+     https://ubuntuforum-br.org/
+                1339
+
+          [ Regenerate code ]
+
+  Press escape key to go back to select the authentication method
+────────────────────────────────────────────────────────────────────────────────
+> ./pam_authd login socket=${AUTHD_TEST_TAPE_SOCKET} require_mfa=true
+Scan the qrcode or enter the code in the login page
+
+█████████████████████████████████
+█████████████████████████████████
+████ ▄▄▄▄▄ █▀▄▀▀ ▀▀ ██ ▄▄▄▄▄ ████
+████ █   █ ██▄▀▄▀██▀▀█ █   █ ████
+████ █▄▄▄█ █▄▀▄ ▀   ██ █▄▄▄█ ████
+████▄▄▄▄▄▄▄█▄▀▄▀▄▀ █ █▄▄▄▄▄▄▄████
+████▄█▄▀▄▀▄▀▀█▄▀▀▄█▄ █▀█▄██▄▀████
+█████▄▀ █▄▄ █▀▄██▀ ▀▀▄ ▄██▄ ▄████
+█████  ▄█▀▄▄ █  ▄ ▀█▀▄ ▄█ █▄ ████
+████▄▀▀▀▄▄▄▄▀▄▀█▀▀██▄▄ ▄▀█▄ ▄████
+████▄███▄▄▄█▀█ ▄▄▄▄▀ ▄▄▄  █▀▀████
+████ ▄▄▄▄▄ ██▀██▀ █▄ █▄█  █  ████
+████ █   █ █▄  █ ▄██▄ ▄   ▀██████
+████ █▄▄▄█ █▄  █▄ ▀▄ █▀█ ▀█▀▄████
+████▄▄▄▄▄▄▄█▄▄███▄█▄▄██▄███▄▄████
+█████████████████████████████████
+▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
+   https://www.ubuntu-it.org/
+              1340
+
+        [ Regenerate code ]
+
+  Press escape key to go back to select the authentication method
+────────────────────────────────────────────────────────────────────────────────
+> ./pam_authd login socket=${AUTHD_TEST_TAPE_SOCKET} require_mfa=true
+Scan the qrcode or enter the code in the login page
+
+█████████████████████████████████
+█████████████████████████████████
+████ ▄▄▄▄▄ █  ▀▀█▄██ █ ▄▄▄▄▄ ████
+████ █   █ █▀▄██ ▄▄▄██ █   █ ████
+████ █▄▄▄█ ██▄ █ ▄ ▄▄█ █▄▄▄█ ████
+████▄▄▄▄▄▄▄█ ▀▄▀▄▀ ▀▄█▄▄▄▄▄▄▄████
+████▄█ ▄█ ▄ ▀█▄▀▀▄▄█ █▄▀█▄█ ▄████
+█████▀█▀▄ ▄ ▄▀█▀▀▀ ▀█▄▀▄▄▀▀██████
+████▄  █▀█▄▄▄██ █▀█▀█▄   █▄▄ ████
+████▀▄  ▀▄▄█ ▄▄█ ▀▄▀▀ ▀▀ █▄▄▀████
+███████▄▄█▄█  ▀▄▀▀█▀ ▄▄▄ ▄ ▄ ████
+████ ▄▄▄▄▄ █  █▄ ██▀ █▄█ █▄  ████
+████ █   █ █▀▄ ▄  ▀▀▄  ▄  ▀▀▀████
+████ █▄▄▄█ █▄█▄▄▄▄█ █  █ █ ▄█████
+████▄▄▄▄▄▄▄█▄█▄█▄█▄████▄▄▄▄▄▄████
+█████████████████████████████████
+▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
+       https://ubuntu.com
+              1341
+
+        [ Regenerate code ]
+
+  Press escape key to go back to select the authentication method
+────────────────────────────────────────────────────────────────────────────────
+> ./pam_authd login socket=${AUTHD_TEST_TAPE_SOCKET} require_mfa=true
+PAM Authenticate()
+  User: "user-integration-qr-code-require-mfa"
+  Result: success
+PAM AcctMgmt()
+  User: "user-integration-qr-code-require-mfa"
+  Result: success
+>
+────────────────────────────────────────────────────────────────────────────────
diff --git a/pam/integration-tests/testdata/golden/TestCLIAuthenticate/Deny_authentication_if_MFA_authentication_is_required_with_password b/pam/integration-tests/testdata/golden/TestCLIAuthenticate/Deny_authentication_if_MFA_authentication_is_required_with_password
new file mode 100644
index 0000000000..739976b8df
--- /dev/null
+++ b/pam/integration-tests/testdata/golden/TestCLIAuthenticate/Deny_authentication_if_MFA_authentication_is_required_with_password
@@ -0,0 +1,39 @@
+> ./pam_authd login socket=${AUTHD_TEST_TAPE_SOCKET} require_mfa=true
+Username: user name
+────────────────────────────────────────────────────────────────────────────────
+> ./pam_authd login socket=${AUTHD_TEST_TAPE_SOCKET} require_mfa=true
+Username: user-integration-simple-mfa-required-testcliauthenticate
+────────────────────────────────────────────────────────────────────────────────
+> ./pam_authd login socket=${AUTHD_TEST_TAPE_SOCKET} require_mfa=true
+  Select your provider
+
+> 1. local
+  2. ExampleBroker
+
+  Press escape key to go back to user selection
+────────────────────────────────────────────────────────────────────────────────
+> ./pam_authd login socket=${AUTHD_TEST_TAPE_SOCKET} require_mfa=true
+Gimme your password:
+>
+
+  Press escape key to go back to select the authentication method
+────────────────────────────────────────────────────────────────────────────────
+> ./pam_authd login socket=${AUTHD_TEST_TAPE_SOCKET} require_mfa=true
+Gimme your password:
+> ********
+
+  Press escape key to go back to select the authentication method
+────────────────────────────────────────────────────────────────────────────────
+> ./pam_authd login socket=${AUTHD_TEST_TAPE_SOCKET} require_mfa=true
+PAM Error Message: Additional authentication factors are required
+PAM Authenticate()
+  User: "user-integration-simple-mfa-required-testcliauthenticate"
+  Result: error: PAM exit code: 8
+    Insufficient credentials to access authentication data
+PAM Info Message: acct=incomplete
+PAM AcctMgmt()
+  User: "user-integration-simple-mfa-required-testcliauthenticate"
+  Result: error: PAM exit code: 25
+    The return value should be ignored by PAM dispatch
+>
+────────────────────────────────────────────────────────────────────────────────
diff --git a/pam/integration-tests/testdata/golden/TestCLIAuthenticate/Deny_authentication_if_MFA_authentication_is_required_with_password_reset b/pam/integration-tests/testdata/golden/TestCLIAuthenticate/Deny_authentication_if_MFA_authentication_is_required_with_password_reset
new file mode 100644
index 0000000000..08b80fae75
--- /dev/null
+++ b/pam/integration-tests/testdata/golden/TestCLIAuthenticate/Deny_authentication_if_MFA_authentication_is_required_with_password_reset
@@ -0,0 +1,72 @@
+> ./pam_authd login socket=${AUTHD_TEST_TAPE_SOCKET} require_mfa=true
+Username: user name
+────────────────────────────────────────────────────────────────────────────────
+> ./pam_authd login socket=${AUTHD_TEST_TAPE_SOCKET} require_mfa=true
+Username: user-needs-reset-integration-mandatory
+────────────────────────────────────────────────────────────────────────────────
+> ./pam_authd login socket=${AUTHD_TEST_TAPE_SOCKET} require_mfa=true
+  Select your provider
+
+> 1. local
+  2. ExampleBroker
+
+  Press escape key to go back to user selection
+────────────────────────────────────────────────────────────────────────────────
+> ./pam_authd login socket=${AUTHD_TEST_TAPE_SOCKET} require_mfa=true
+Gimme your password:
+>
+
+  Press escape key to go back to select the authentication method
+────────────────────────────────────────────────────────────────────────────────
+> ./pam_authd login socket=${AUTHD_TEST_TAPE_SOCKET} require_mfa=true
+Gimme your password:
+> ********
+
+  Press escape key to go back to select the authentication method
+────────────────────────────────────────────────────────────────────────────────
+> ./pam_authd login socket=${AUTHD_TEST_TAPE_SOCKET} require_mfa=true
+Gimme your password:
+> ********
+Password reset, 1 step(s) missing
+
+  Press escape key to go back to select the authentication method
+────────────────────────────────────────────────────────────────────────────────
+> ./pam_authd login socket=${AUTHD_TEST_TAPE_SOCKET} require_mfa=true
+Enter your new password
+
+New password:
+>
+
+  Press escape key to go back to choose the provider
+────────────────────────────────────────────────────────────────────────────────
+> ./pam_authd login socket=${AUTHD_TEST_TAPE_SOCKET} require_mfa=true
+Enter your new password
+
+New password:
+> *********
+
+  Press escape key to go back to choose the provider
+────────────────────────────────────────────────────────────────────────────────
+> ./pam_authd login socket=${AUTHD_TEST_TAPE_SOCKET} require_mfa=true
+Enter your new password
+
+New password:
+> *********
+Confirm password:
+> *********
+
+  Press escape key to go back to choose the provider
+────────────────────────────────────────────────────────────────────────────────
+> ./pam_authd login socket=${AUTHD_TEST_TAPE_SOCKET} require_mfa=true
+PAM Error Message: Additional authentication factors are required
+PAM Authenticate()
+  User: "user-needs-reset-integration-mandatory"
+  Result: error: PAM exit code: 8
+    Insufficient credentials to access authentication data
+PAM Info Message: acct=incomplete
+PAM AcctMgmt()
+  User: "user-needs-reset-integration-mandatory"
+  Result: error: PAM exit code: 25
+    The return value should be ignored by PAM dispatch
+>
+────────────────────────────────────────────────────────────────────────────────
diff --git a/pam/integration-tests/testdata/golden/TestNativeAuthenticate/Authenticate_user_with_mfa_required b/pam/integration-tests/testdata/golden/TestNativeAuthenticate/Authenticate_user_with_mfa_required
new file mode 100644
index 0000000000..ba9a4cf7e5
--- /dev/null
+++ b/pam/integration-tests/testdata/golden/TestNativeAuthenticate/Authenticate_user_with_mfa_required
@@ -0,0 +1,502 @@
+> ./pam_authd login socket=${AUTHD_TEST_TAPE_SOCKET} force_native_client=true require_mfa=true
+== Provider selection ==
+  1. local
+  2. ExampleBroker
+Choose your provider:
+>
+────────────────────────────────────────────────────────────────────────────────
+> ./pam_authd login socket=${AUTHD_TEST_TAPE_SOCKET} force_native_client=true require_mfa=true
+== Provider selection ==
+  1. local
+  2. ExampleBroker
+Choose your provider:
+> 2
+────────────────────────────────────────────────────────────────────────────────
+> ./pam_authd login socket=${AUTHD_TEST_TAPE_SOCKET} force_native_client=true require_mfa=true
+== Provider selection ==
+  1. local
+  2. ExampleBroker
+Choose your provider:
+> 2
+== Password authentication ==
+Enter 'r' to cancel the request and go back to select the authentication method
+Gimme your password:
+>
+────────────────────────────────────────────────────────────────────────────────
+> ./pam_authd login socket=${AUTHD_TEST_TAPE_SOCKET} force_native_client=true require_mfa=true
+== Provider selection ==
+  1. local
+  2. ExampleBroker
+Choose your provider:
+> 2
+== Password authentication ==
+Enter 'r' to cancel the request and go back to select the authentication method
+Gimme your password:
+>
+== Authentication method selection ==
+  1. Password authentication
+  2. Send URL to user-mfa-integration-auth-mfa-required-native@gmail.com
+  3. Use your fido device foo
+  4. Use your phone +33...
+  5. Use your phone +1...
+  6. Pin code
+  7. Use a QR code
+  8. Authentication code
+Or enter 'r' to go back to choose the provider
+Choose your authentication method:
+>
+────────────────────────────────────────────────────────────────────────────────
+> ./pam_authd login socket=${AUTHD_TEST_TAPE_SOCKET} force_native_client=true require_mfa=true
+== Provider selection ==
+  1. local
+  2. ExampleBroker
+Choose your provider:
+> 2
+== Password authentication ==
+Enter 'r' to cancel the request and go back to select the authentication method
+Gimme your password:
+>
+== Authentication method selection ==
+  1. Password authentication
+  2. Send URL to user-mfa-integration-auth-mfa-required-native@gmail.com
+  3. Use your fido device foo
+  4. Use your phone +33...
+  5. Use your phone +1...
+  6. Pin code
+  7. Use a QR code
+  8. Authentication code
+Or enter 'r' to go back to choose the provider
+Choose your authentication method:
+> 1
+== Password authentication ==
+Enter 'r' to cancel the request and go back to select the authentication method
+Gimme your password:
+>
+────────────────────────────────────────────────────────────────────────────────
+> ./pam_authd login socket=${AUTHD_TEST_TAPE_SOCKET} force_native_client=true require_mfa=true
+== Provider selection ==
+  1. local
+  2. ExampleBroker
+Choose your provider:
+> 2
+== Password authentication ==
+Enter 'r' to cancel the request and go back to select the authentication method
+Gimme your password:
+>
+== Authentication method selection ==
+  1. Password authentication
+  2. Send URL to user-mfa-integration-auth-mfa-required-native@gmail.com
+  3. Use your fido device foo
+  4. Use your phone +33...
+  5. Use your phone +1...
+  6. Pin code
+  7. Use a QR code
+  8. Authentication code
+Or enter 'r' to go back to choose the provider
+Choose your authentication method:
+> 1
+== Password authentication ==
+Enter 'r' to cancel the request and go back to select the authentication method
+Gimme your password:
+>
+== Use your fido device foo ==
+Press Enter to wait for authentication or enter 'r' to go back to select the authentication meth
+od
+Plug your fido device and press with your thumb:
+>
+────────────────────────────────────────────────────────────────────────────────
+> ./pam_authd login socket=${AUTHD_TEST_TAPE_SOCKET} force_native_client=true require_mfa=true
+== Provider selection ==
+  1. local
+  2. ExampleBroker
+Choose your provider:
+> 2
+== Password authentication ==
+Enter 'r' to cancel the request and go back to select the authentication method
+Gimme your password:
+>
+== Authentication method selection ==
+  1. Password authentication
+  2. Send URL to user-mfa-integration-auth-mfa-required-native@gmail.com
+  3. Use your fido device foo
+  4. Use your phone +33...
+  5. Use your phone +1...
+  6. Pin code
+  7. Use a QR code
+  8. Authentication code
+Or enter 'r' to go back to choose the provider
+Choose your authentication method:
+> 1
+== Password authentication ==
+Enter 'r' to cancel the request and go back to select the authentication method
+Gimme your password:
+>
+== Use your fido device foo ==
+Press Enter to wait for authentication or enter 'r' to go back to select the authentication meth
+od
+Plug your fido device and press with your thumb:
+> r
+────────────────────────────────────────────────────────────────────────────────
+> ./pam_authd login socket=${AUTHD_TEST_TAPE_SOCKET} force_native_client=true require_mfa=true
+== Provider selection ==
+  1. local
+  2. ExampleBroker
+Choose your provider:
+> 2
+== Password authentication ==
+Enter 'r' to cancel the request and go back to select the authentication method
+Gimme your password:
+>
+== Authentication method selection ==
+  1. Password authentication
+  2. Send URL to user-mfa-integration-auth-mfa-required-native@gmail.com
+  3. Use your fido device foo
+  4. Use your phone +33...
+  5. Use your phone +1...
+  6. Pin code
+  7. Use a QR code
+  8. Authentication code
+Or enter 'r' to go back to choose the provider
+Choose your authentication method:
+> 1
+== Password authentication ==
+Enter 'r' to cancel the request and go back to select the authentication method
+Gimme your password:
+>
+== Use your fido device foo ==
+Press Enter to wait for authentication or enter 'r' to go back to select the authentication meth
+od
+Plug your fido device and press with your thumb:
+> r
+== Authentication method selection ==
+  1. Use your fido device foo
+  2. Use your phone +33...
+  3. Authentication code
+Or enter 'r' to go back to choose the provider
+Choose your authentication method:
+>
+────────────────────────────────────────────────────────────────────────────────
+> ./pam_authd login socket=${AUTHD_TEST_TAPE_SOCKET} force_native_client=true require_mfa=true
+== Provider selection ==
+  1. local
+  2. ExampleBroker
+Choose your provider:
+> 2
+== Password authentication ==
+Enter 'r' to cancel the request and go back to select the authentication method
+Gimme your password:
+>
+== Authentication method selection ==
+  1. Password authentication
+  2. Send URL to user-mfa-integration-auth-mfa-required-native@gmail.com
+  3. Use your fido device foo
+  4. Use your phone +33...
+  5. Use your phone +1...
+  6. Pin code
+  7. Use a QR code
+  8. Authentication code
+Or enter 'r' to go back to choose the provider
+Choose your authentication method:
+> 1
+== Password authentication ==
+Enter 'r' to cancel the request and go back to select the authentication method
+Gimme your password:
+>
+== Use your fido device foo ==
+Press Enter to wait for authentication or enter 'r' to go back to select the authentication meth
+od
+Plug your fido device and press with your thumb:
+> r
+== Authentication method selection ==
+  1. Use your fido device foo
+  2. Use your phone +33...
+  3. Authentication code
+Or enter 'r' to go back to choose the provider
+Choose your authentication method:
+> 1
+== Use your fido device foo ==
+Press Enter to wait for authentication or enter 'r' to go back to select the authentication meth
+od
+Plug your fido device and press with your thumb:
+>
+────────────────────────────────────────────────────────────────────────────────
+> ./pam_authd login socket=${AUTHD_TEST_TAPE_SOCKET} force_native_client=true require_mfa=true
+== Provider selection ==
+  1. local
+  2. ExampleBroker
+Choose your provider:
+> 2
+== Password authentication ==
+Enter 'r' to cancel the request and go back to select the authentication method
+Gimme your password:
+>
+== Authentication method selection ==
+  1. Password authentication
+  2. Send URL to user-mfa-integration-auth-mfa-required-native@gmail.com
+  3. Use your fido device foo
+  4. Use your phone +33...
+  5. Use your phone +1...
+  6. Pin code
+  7. Use a QR code
+  8. Authentication code
+Or enter 'r' to go back to choose the provider
+Choose your authentication method:
+> 1
+== Password authentication ==
+Enter 'r' to cancel the request and go back to select the authentication method
+Gimme your password:
+>
+== Use your fido device foo ==
+Press Enter to wait for authentication or enter 'r' to go back to select the authentication meth
+od
+Plug your fido device and press with your thumb:
+> r
+== Authentication method selection ==
+  1. Use your fido device foo
+  2. Use your phone +33...
+  3. Authentication code
+Or enter 'r' to go back to choose the provider
+Choose your authentication method:
+> 1
+== Use your fido device foo ==
+Press Enter to wait for authentication or enter 'r' to go back to select the authentication meth
+od
+Plug your fido device and press with your thumb:
+> r
+────────────────────────────────────────────────────────────────────────────────
+> ./pam_authd login socket=${AUTHD_TEST_TAPE_SOCKET} force_native_client=true require_mfa=true
+== Provider selection ==
+  1. local
+  2. ExampleBroker
+Choose your provider:
+> 2
+== Password authentication ==
+Enter 'r' to cancel the request and go back to select the authentication method
+Gimme your password:
+>
+== Authentication method selection ==
+  1. Password authentication
+  2. Send URL to user-mfa-integration-auth-mfa-required-native@gmail.com
+  3. Use your fido device foo
+  4. Use your phone +33...
+  5. Use your phone +1...
+  6. Pin code
+  7. Use a QR code
+  8. Authentication code
+Or enter 'r' to go back to choose the provider
+Choose your authentication method:
+> 1
+== Password authentication ==
+Enter 'r' to cancel the request and go back to select the authentication method
+Gimme your password:
+>
+== Use your fido device foo ==
+Press Enter to wait for authentication or enter 'r' to go back to select the authentication meth
+od
+Plug your fido device and press with your thumb:
+> r
+== Authentication method selection ==
+  1. Use your fido device foo
+  2. Use your phone +33...
+  3. Authentication code
+Or enter 'r' to go back to choose the provider
+Choose your authentication method:
+> 1
+== Use your fido device foo ==
+Press Enter to wait for authentication or enter 'r' to go back to select the authentication meth
+od
+Plug your fido device and press with your thumb:
+> r
+== Authentication method selection ==
+  1. Use your fido device foo
+  2. Use your phone +33...
+  3. Authentication code
+Or enter 'r' to go back to choose the provider
+Choose your authentication method:
+>
+────────────────────────────────────────────────────────────────────────────────
+> ./pam_authd login socket=${AUTHD_TEST_TAPE_SOCKET} force_native_client=true require_mfa=true
+== Provider selection ==
+  1. local
+  2. ExampleBroker
+Choose your provider:
+> 2
+== Password authentication ==
+Enter 'r' to cancel the request and go back to select the authentication method
+Gimme your password:
+>
+== Authentication method selection ==
+  1. Password authentication
+  2. Send URL to user-mfa-integration-auth-mfa-required-native@gmail.com
+  3. Use your fido device foo
+  4. Use your phone +33...
+  5. Use your phone +1...
+  6. Pin code
+  7. Use a QR code
+  8. Authentication code
+Or enter 'r' to go back to choose the provider
+Choose your authentication method:
+> 1
+== Password authentication ==
+Enter 'r' to cancel the request and go back to select the authentication method
+Gimme your password:
+>
+== Use your fido device foo ==
+Press Enter to wait for authentication or enter 'r' to go back to select the authentication meth
+od
+Plug your fido device and press with your thumb:
+> r
+== Authentication method selection ==
+  1. Use your fido device foo
+  2. Use your phone +33...
+  3. Authentication code
+Or enter 'r' to go back to choose the provider
+Choose your authentication method:
+> 1
+== Use your fido device foo ==
+Press Enter to wait for authentication or enter 'r' to go back to select the authentication meth
+od
+Plug your fido device and press with your thumb:
+> r
+== Authentication method selection ==
+  1. Use your fido device foo
+  2. Use your phone +33...
+  3. Authentication code
+Or enter 'r' to go back to choose the provider
+Choose your authentication method:
+> 2
+== Use your phone +33... ==
+Press Enter to wait for authentication or enter 'r' to go back to select the authentication meth
+od
+Unlock your phone +33... or accept request on web interface:
+>
+────────────────────────────────────────────────────────────────────────────────
+> ./pam_authd login socket=${AUTHD_TEST_TAPE_SOCKET} force_native_client=true require_mfa=true
+== Provider selection ==
+  1. local
+  2. ExampleBroker
+Choose your provider:
+> 2
+== Password authentication ==
+Enter 'r' to cancel the request and go back to select the authentication method
+Gimme your password:
+>
+== Authentication method selection ==
+  1. Password authentication
+  2. Send URL to user-mfa-integration-auth-mfa-required-native@gmail.com
+  3. Use your fido device foo
+  4. Use your phone +33...
+  5. Use your phone +1...
+  6. Pin code
+  7. Use a QR code
+  8. Authentication code
+Or enter 'r' to go back to choose the provider
+Choose your authentication method:
+> 1
+== Password authentication ==
+Enter 'r' to cancel the request and go back to select the authentication method
+Gimme your password:
+>
+== Use your fido device foo ==
+Press Enter to wait for authentication or enter 'r' to go back to select the authentication meth
+od
+Plug your fido device and press with your thumb:
+> r
+== Authentication method selection ==
+  1. Use your fido device foo
+  2. Use your phone +33...
+  3. Authentication code
+Or enter 'r' to go back to choose the provider
+Choose your authentication method:
+> 1
+== Use your fido device foo ==
+Press Enter to wait for authentication or enter 'r' to go back to select the authentication meth
+od
+Plug your fido device and press with your thumb:
+> r
+== Authentication method selection ==
+  1. Use your fido device foo
+  2. Use your phone +33...
+  3. Authentication code
+Or enter 'r' to go back to choose the provider
+Choose your authentication method:
+> 2
+== Use your phone +33... ==
+Press Enter to wait for authentication or enter 'r' to go back to select the authentication meth
+od
+Unlock your phone +33... or accept request on web interface:
+>
+== Use your fido device foo ==
+Press Enter to wait for authentication or enter 'r' to go back to select the authentication meth
+od
+Plug your fido device and press with your thumb:
+>
+────────────────────────────────────────────────────────────────────────────────
+> ./pam_authd login socket=${AUTHD_TEST_TAPE_SOCKET} force_native_client=true require_mfa=true
+== Provider selection ==
+  1. local
+  2. ExampleBroker
+Choose your provider:
+> 2
+== Password authentication ==
+Enter 'r' to cancel the request and go back to select the authentication method
+Gimme your password:
+>
+== Authentication method selection ==
+  1. Password authentication
+  2. Send URL to user-mfa-integration-auth-mfa-required-native@gmail.com
+  3. Use your fido device foo
+  4. Use your phone +33...
+  5. Use your phone +1...
+  6. Pin code
+  7. Use a QR code
+  8. Authentication code
+Or enter 'r' to go back to choose the provider
+Choose your authentication method:
+> 1
+== Password authentication ==
+Enter 'r' to cancel the request and go back to select the authentication method
+Gimme your password:
+>
+== Use your fido device foo ==
+Press Enter to wait for authentication or enter 'r' to go back to select the authentication meth
+od
+Plug your fido device and press with your thumb:
+> r
+== Authentication method selection ==
+  1. Use your fido device foo
+  2. Use your phone +33...
+  3. Authentication code
+Or enter 'r' to go back to choose the provider
+Choose your authentication method:
+> 1
+== Use your fido device foo ==
+Press Enter to wait for authentication or enter 'r' to go back to select the authentication meth
+od
+Plug your fido device and press with your thumb:
+> r
+== Authentication method selection ==
+  1. Use your fido device foo
+  2. Use your phone +33...
+  3. Authentication code
+Or enter 'r' to go back to choose the provider
+Choose your authentication method:
+> 2
+== Use your phone +33... ==
+Press Enter to wait for authentication or enter 'r' to go back to select the authentication meth
+od
+Unlock your phone +33... or accept request on web interface:
+>
+== Use your fido device foo ==
+Press Enter to wait for authentication or enter 'r' to go back to select the authentication meth
+od
+Plug your fido device and press with your thumb:
+>
+PAM Authenticate()
+  User: "user-mfa-integration-auth-mfa-required-native"
+  Result: success
+PAM AcctMgmt()
+  User: "user-mfa-integration-auth-mfa-required-native"
+  Result: success
+>
+────────────────────────────────────────────────────────────────────────────────
diff --git a/pam/integration-tests/testdata/golden/TestNativeAuthenticate/Authenticate_user_with_qr_code_requiring_mfa_auth b/pam/integration-tests/testdata/golden/TestNativeAuthenticate/Authenticate_user_with_qr_code_requiring_mfa_auth
new file mode 100644
index 0000000000..1a587c5899
--- /dev/null
+++ b/pam/integration-tests/testdata/golden/TestNativeAuthenticate/Authenticate_user_with_qr_code_requiring_mfa_auth
@@ -0,0 +1,1303 @@
+> ./pam_authd login socket=${AUTHD_TEST_TAPE_SOCKET} force_native_client=true require_mfa=true
+== Provider selection ==
+  1. local
+  2. ExampleBroker
+Choose your provider:
+>
+────────────────────────────────────────────────────────────────────────────────
+> ./pam_authd login socket=${AUTHD_TEST_TAPE_SOCKET} force_native_client=true require_mfa=true
+== Provider selection ==
+  1. local
+  2. ExampleBroker
+Choose your provider:
+> 2
+────────────────────────────────────────────────────────────────────────────────
+> ./pam_authd login socket=${AUTHD_TEST_TAPE_SOCKET} force_native_client=true require_mfa=true
+== Provider selection ==
+  1. local
+  2. ExampleBroker
+Choose your provider:
+> 2
+== Password authentication ==
+Enter 'r' to cancel the request and go back to select the authentication method
+Gimme your password:
+>
+────────────────────────────────────────────────────────────────────────────────
+> ./pam_authd login socket=${AUTHD_TEST_TAPE_SOCKET} force_native_client=true require_mfa=true
+== Provider selection ==
+  1. local
+  2. ExampleBroker
+Choose your provider:
+> 2
+== Password authentication ==
+Enter 'r' to cancel the request and go back to select the authentication method
+Gimme your password:
+>
+== Authentication method selection ==
+  1. Password authentication
+  2. Send URL to user-integration-native-authenticate-user-with-qr-code-requiring-mfa-auth@gmail
+.com
+  3. Use your fido device foo
+  4. Use your phone +33...
+  5. Use your phone +1...
+  6. Pin code
+  7. Use a QR code
+  8. Authentication code
+Or enter 'r' to go back to choose the provider
+Choose your authentication method:
+>
+────────────────────────────────────────────────────────────────────────────────
+> ./pam_authd login socket=${AUTHD_TEST_TAPE_SOCKET} force_native_client=true require_mfa=true
+== Provider selection ==
+  1. local
+  2. ExampleBroker
+Choose your provider:
+> 2
+== Password authentication ==
+Enter 'r' to cancel the request and go back to select the authentication method
+Gimme your password:
+>
+== Authentication method selection ==
+  1. Password authentication
+  2. Send URL to user-integration-native-authenticate-user-with-qr-code-requiring-mfa-auth@gmail
+.com
+  3. Use your fido device foo
+  4. Use your phone +33...
+  5. Use your phone +1...
+  6. Pin code
+  7. Use a QR code
+  8. Authentication code
+Or enter 'r' to go back to choose the provider
+Choose your authentication method:
+> 7
+────────────────────────────────────────────────────────────────────────────────
+> ./pam_authd login socket=${AUTHD_TEST_TAPE_SOCKET} force_native_client=true require_mfa=true
+== Provider selection ==
+  1. local
+  2. ExampleBroker
+Choose your provider:
+> 2
+== Password authentication ==
+Enter 'r' to cancel the request and go back to select the authentication method
+Gimme your password:
+>
+== Authentication method selection ==
+  1. Password authentication
+  2. Send URL to user-integration-native-authenticate-user-with-qr-code-requiring-mfa-auth@gmail
+.com
+  3. Use your fido device foo
+  4. Use your phone +33...
+  5. Use your phone +1...
+  6. Pin code
+  7. Use a QR code
+  8. Authentication code
+Or enter 'r' to go back to choose the provider
+Choose your authentication method:
+> 7
+== Use a QR code ==
+Scan the qrcode or enter the code in the login page
+█████████████████████████████████
+█████████████████████████████████
+████ ▄▄▄▄▄ █  ▀▀█▄██ █ ▄▄▄▄▄ ████
+████ █   █ █▀▄██ ▄▄▄██ █   █ ████
+████ █▄▄▄█ ██▄ █ ▄ ▄▄█ █▄▄▄█ ████
+████▄▄▄▄▄▄▄█ ▀▄▀▄▀ ▀▄█▄▄▄▄▄▄▄████
+████▄█ ▄█ ▄ ▀█▄▀▀▄▄█ █▄▀█▄█ ▄████
+█████▀█▀▄ ▄ ▄▀█▀▀▀ ▀█▄▀▄▄▀▀██████
+████▄  █▀█▄▄▄██ █▀█▀█▄   █▄▄ ████
+████▀▄  ▀▄▄█ ▄▄█ ▀▄▀▀ ▀▀ █▄▄▀████
+███████▄▄█▄█  ▀▄▀▀█▀ ▄▄▄ ▄ ▄ ████
+████ ▄▄▄▄▄ █  █▄ ██▀ █▄█ █▄  ████
+████ █   █ █▀▄ ▄  ▀▀▄  ▄  ▀▀▀████
+████ █▄▄▄█ █▄█▄▄▄▄█ █  █ █ ▄█████
+████▄▄▄▄▄▄▄█▄█▄█▄█▄████▄▄▄▄▄▄████
+█████████████████████████████████
+▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
+       https://ubuntu.com
+              1337
+
+  1. Wait for authentication result
+  2. Regenerate code
+Or enter 'r' to go back to select the authentication method
+Choose action:
+>
+────────────────────────────────────────────────────────────────────────────────
+> ./pam_authd login socket=${AUTHD_TEST_TAPE_SOCKET} force_native_client=true require_mfa=true
+== Provider selection ==
+  1. local
+  2. ExampleBroker
+Choose your provider:
+> 2
+== Password authentication ==
+Enter 'r' to cancel the request and go back to select the authentication method
+Gimme your password:
+>
+== Authentication method selection ==
+  1. Password authentication
+  2. Send URL to user-integration-native-authenticate-user-with-qr-code-requiring-mfa-auth@gmail
+.com
+  3. Use your fido device foo
+  4. Use your phone +33...
+  5. Use your phone +1...
+  6. Pin code
+  7. Use a QR code
+  8. Authentication code
+Or enter 'r' to go back to choose the provider
+Choose your authentication method:
+> 7
+== Use a QR code ==
+Scan the qrcode or enter the code in the login page
+█████████████████████████████████
+█████████████████████████████████
+████ ▄▄▄▄▄ █  ▀▀█▄██ █ ▄▄▄▄▄ ████
+████ █   █ █▀▄██ ▄▄▄██ █   █ ████
+████ █▄▄▄█ ██▄ █ ▄ ▄▄█ █▄▄▄█ ████
+████▄▄▄▄▄▄▄█ ▀▄▀▄▀ ▀▄█▄▄▄▄▄▄▄████
+████▄█ ▄█ ▄ ▀█▄▀▀▄▄█ █▄▀█▄█ ▄████
+█████▀█▀▄ ▄ ▄▀█▀▀▀ ▀█▄▀▄▄▀▀██████
+████▄  █▀█▄▄▄██ █▀█▀█▄   █▄▄ ████
+████▀▄  ▀▄▄█ ▄▄█ ▀▄▀▀ ▀▀ █▄▄▀████
+███████▄▄█▄█  ▀▄▀▀█▀ ▄▄▄ ▄ ▄ ████
+████ ▄▄▄▄▄ █  █▄ ██▀ █▄█ █▄  ████
+████ █   █ █▀▄ ▄  ▀▀▄  ▄  ▀▀▀████
+████ █▄▄▄█ █▄█▄▄▄▄█ █  █ █ ▄█████
+████▄▄▄▄▄▄▄█▄█▄█▄█▄████▄▄▄▄▄▄████
+█████████████████████████████████
+▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
+       https://ubuntu.com
+              1337
+
+  1. Wait for authentication result
+  2. Regenerate code
+Or enter 'r' to go back to select the authentication method
+Choose action:
+> 2
+────────────────────────────────────────────────────────────────────────────────
+> ./pam_authd login socket=${AUTHD_TEST_TAPE_SOCKET} force_native_client=true require_mfa=true
+== Provider selection ==
+  1. local
+  2. ExampleBroker
+Choose your provider:
+> 2
+== Password authentication ==
+Enter 'r' to cancel the request and go back to select the authentication method
+Gimme your password:
+>
+== Authentication method selection ==
+  1. Password authentication
+  2. Send URL to user-integration-native-authenticate-user-with-qr-code-requiring-mfa-auth@gmail
+.com
+  3. Use your fido device foo
+  4. Use your phone +33...
+  5. Use your phone +1...
+  6. Pin code
+  7. Use a QR code
+  8. Authentication code
+Or enter 'r' to go back to choose the provider
+Choose your authentication method:
+> 7
+== Use a QR code ==
+Scan the qrcode or enter the code in the login page
+█████████████████████████████████
+█████████████████████████████████
+████ ▄▄▄▄▄ █  ▀▀█▄██ █ ▄▄▄▄▄ ████
+████ █   █ █▀▄██ ▄▄▄██ █   █ ████
+████ █▄▄▄█ ██▄ █ ▄ ▄▄█ █▄▄▄█ ████
+████▄▄▄▄▄▄▄█ ▀▄▀▄▀ ▀▄█▄▄▄▄▄▄▄████
+████▄█ ▄█ ▄ ▀█▄▀▀▄▄█ █▄▀█▄█ ▄████
+█████▀█▀▄ ▄ ▄▀█▀▀▀ ▀█▄▀▄▄▀▀██████
+████▄  █▀█▄▄▄██ █▀█▀█▄   █▄▄ ████
+████▀▄  ▀▄▄█ ▄▄█ ▀▄▀▀ ▀▀ █▄▄▀████
+███████▄▄█▄█  ▀▄▀▀█▀ ▄▄▄ ▄ ▄ ████
+████ ▄▄▄▄▄ █  █▄ ██▀ █▄█ █▄  ████
+████ █   █ █▀▄ ▄  ▀▀▄  ▄  ▀▀▀████
+████ █▄▄▄█ █▄█▄▄▄▄█ █  █ █ ▄█████
+████▄▄▄▄▄▄▄█▄█▄█▄█▄████▄▄▄▄▄▄████
+█████████████████████████████████
+▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
+       https://ubuntu.com
+              1337
+
+  1. Wait for authentication result
+  2. Regenerate code
+Or enter 'r' to go back to select the authentication method
+Choose action:
+> 2
+== Use a QR code ==
+Scan the qrcode or enter the code in the login page
+█████████████████████████████████
+█████████████████████████████████
+████ ▄▄▄▄▄ █ ▄█▄▀ ████ ▄▄▄▄▄ ████
+████ █   █ █▀██▄█▄▄  █ █   █ ████
+████ █▄▄▄█ ██▀ █▄▄ ▄ █ █▄▄▄█ ████
+████▄▄▄▄▄▄▄█ ▀ ▀▄▀ ▀ █▄▄▄▄▄▄▄████
+████ █ ▄▀▄▄ █▀▄█▄▄▄█ █▄▀█▄█ ▄████
+████  █▄ ▄▄▄   ▀ ▀ ▀█▄▀▄▄▀▀██████
+████▄█▀ █▀▄█ ▀▀ █▀█▀█▄   █▄▄ ████
+████▀▄▀█▀█▄█ ▄▀█ ▀▄▀▀ ▀▀ █▄▄▀████
+███████▄▄█▄█▀██▄▀▀█▀ ▄▄▄ ▄ ▄ ████
+████ ▄▄▄▄▄ █  ▄▄ ██▀ █▄█ █▄  ████
+████ █   █ █▀█▀▄  ▀▀▄  ▄  ▀▀▀████
+████ █▄▄▄█ █▄  ▄▄▄█ █  █ █ ▄█████
+████▄▄▄▄▄▄▄█▄███▄█▄████▄▄▄▄▄▄████
+█████████████████████████████████
+▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
+       https://ubuntu.fr/
+              1338
+
+  1. Wait for authentication result
+  2. Regenerate code
+Or enter 'r' to go back to select the authentication method
+Choose action:
+>
+────────────────────────────────────────────────────────────────────────────────
+> ./pam_authd login socket=${AUTHD_TEST_TAPE_SOCKET} force_native_client=true require_mfa=true
+== Provider selection ==
+  1. local
+  2. ExampleBroker
+Choose your provider:
+> 2
+== Password authentication ==
+Enter 'r' to cancel the request and go back to select the authentication method
+Gimme your password:
+>
+== Authentication method selection ==
+  1. Password authentication
+  2. Send URL to user-integration-native-authenticate-user-with-qr-code-requiring-mfa-auth@gmail
+.com
+  3. Use your fido device foo
+  4. Use your phone +33...
+  5. Use your phone +1...
+  6. Pin code
+  7. Use a QR code
+  8. Authentication code
+Or enter 'r' to go back to choose the provider
+Choose your authentication method:
+> 7
+== Use a QR code ==
+Scan the qrcode or enter the code in the login page
+█████████████████████████████████
+█████████████████████████████████
+████ ▄▄▄▄▄ █  ▀▀█▄██ █ ▄▄▄▄▄ ████
+████ █   █ █▀▄██ ▄▄▄██ █   █ ████
+████ █▄▄▄█ ██▄ █ ▄ ▄▄█ █▄▄▄█ ████
+████▄▄▄▄▄▄▄█ ▀▄▀▄▀ ▀▄█▄▄▄▄▄▄▄████
+████▄█ ▄█ ▄ ▀█▄▀▀▄▄█ █▄▀█▄█ ▄████
+█████▀█▀▄ ▄ ▄▀█▀▀▀ ▀█▄▀▄▄▀▀██████
+████▄  █▀█▄▄▄██ █▀█▀█▄   █▄▄ ████
+████▀▄  ▀▄▄█ ▄▄█ ▀▄▀▀ ▀▀ █▄▄▀████
+███████▄▄█▄█  ▀▄▀▀█▀ ▄▄▄ ▄ ▄ ████
+████ ▄▄▄▄▄ █  █▄ ██▀ █▄█ █▄  ████
+████ █   █ █▀▄ ▄  ▀▀▄  ▄  ▀▀▀████
+████ █▄▄▄█ █▄█▄▄▄▄█ █  █ █ ▄█████
+████▄▄▄▄▄▄▄█▄█▄█▄█▄████▄▄▄▄▄▄████
+█████████████████████████████████
+▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
+       https://ubuntu.com
+              1337
+
+  1. Wait for authentication result
+  2. Regenerate code
+Or enter 'r' to go back to select the authentication method
+Choose action:
+> 2
+== Use a QR code ==
+Scan the qrcode or enter the code in the login page
+█████████████████████████████████
+█████████████████████████████████
+████ ▄▄▄▄▄ █ ▄█▄▀ ████ ▄▄▄▄▄ ████
+████ █   █ █▀██▄█▄▄  █ █   █ ████
+████ █▄▄▄█ ██▀ █▄▄ ▄ █ █▄▄▄█ ████
+████▄▄▄▄▄▄▄█ ▀ ▀▄▀ ▀ █▄▄▄▄▄▄▄████
+████ █ ▄▀▄▄ █▀▄█▄▄▄█ █▄▀█▄█ ▄████
+████  █▄ ▄▄▄   ▀ ▀ ▀█▄▀▄▄▀▀██████
+████▄█▀ █▀▄█ ▀▀ █▀█▀█▄   █▄▄ ████
+████▀▄▀█▀█▄█ ▄▀█ ▀▄▀▀ ▀▀ █▄▄▀████
+███████▄▄█▄█▀██▄▀▀█▀ ▄▄▄ ▄ ▄ ████
+████ ▄▄▄▄▄ █  ▄▄ ██▀ █▄█ █▄  ████
+████ █   █ █▀█▀▄  ▀▀▄  ▄  ▀▀▀████
+████ █▄▄▄█ █▄  ▄▄▄█ █  █ █ ▄█████
+████▄▄▄▄▄▄▄█▄███▄█▄████▄▄▄▄▄▄████
+█████████████████████████████████
+▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
+       https://ubuntu.fr/
+              1338
+
+  1. Wait for authentication result
+  2. Regenerate code
+Or enter 'r' to go back to select the authentication method
+Choose action:
+> 2
+────────────────────────────────────────────────────────────────────────────────
+> ./pam_authd login socket=${AUTHD_TEST_TAPE_SOCKET} force_native_client=true require_mfa=true
+== Provider selection ==
+  1. local
+  2. ExampleBroker
+Choose your provider:
+> 2
+== Password authentication ==
+Enter 'r' to cancel the request and go back to select the authentication method
+Gimme your password:
+>
+== Authentication method selection ==
+  1. Password authentication
+  2. Send URL to user-integration-native-authenticate-user-with-qr-code-requiring-mfa-auth@gmail
+.com
+  3. Use your fido device foo
+  4. Use your phone +33...
+  5. Use your phone +1...
+  6. Pin code
+  7. Use a QR code
+  8. Authentication code
+Or enter 'r' to go back to choose the provider
+Choose your authentication method:
+> 7
+== Use a QR code ==
+Scan the qrcode or enter the code in the login page
+█████████████████████████████████
+█████████████████████████████████
+████ ▄▄▄▄▄ █  ▀▀█▄██ █ ▄▄▄▄▄ ████
+████ █   █ █▀▄██ ▄▄▄██ █   █ ████
+████ █▄▄▄█ ██▄ █ ▄ ▄▄█ █▄▄▄█ ████
+████▄▄▄▄▄▄▄█ ▀▄▀▄▀ ▀▄█▄▄▄▄▄▄▄████
+████▄█ ▄█ ▄ ▀█▄▀▀▄▄█ █▄▀█▄█ ▄████
+█████▀█▀▄ ▄ ▄▀█▀▀▀ ▀█▄▀▄▄▀▀██████
+████▄  █▀█▄▄▄██ █▀█▀█▄   █▄▄ ████
+████▀▄  ▀▄▄█ ▄▄█ ▀▄▀▀ ▀▀ █▄▄▀████
+███████▄▄█▄█  ▀▄▀▀█▀ ▄▄▄ ▄ ▄ ████
+████ ▄▄▄▄▄ █  █▄ ██▀ █▄█ █▄  ████
+████ █   █ █▀▄ ▄  ▀▀▄  ▄  ▀▀▀████
+████ █▄▄▄█ █▄█▄▄▄▄█ █  █ █ ▄█████
+████▄▄▄▄▄▄▄█▄█▄█▄█▄████▄▄▄▄▄▄████
+█████████████████████████████████
+▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
+       https://ubuntu.com
+              1337
+
+  1. Wait for authentication result
+  2. Regenerate code
+Or enter 'r' to go back to select the authentication method
+Choose action:
+> 2
+== Use a QR code ==
+Scan the qrcode or enter the code in the login page
+█████████████████████████████████
+█████████████████████████████████
+████ ▄▄▄▄▄ █ ▄█▄▀ ████ ▄▄▄▄▄ ████
+████ █   █ █▀██▄█▄▄  █ █   █ ████
+████ █▄▄▄█ ██▀ █▄▄ ▄ █ █▄▄▄█ ████
+████▄▄▄▄▄▄▄█ ▀ ▀▄▀ ▀ █▄▄▄▄▄▄▄████
+████ █ ▄▀▄▄ █▀▄█▄▄▄█ █▄▀█▄█ ▄████
+████  █▄ ▄▄▄   ▀ ▀ ▀█▄▀▄▄▀▀██████
+████▄█▀ █▀▄█ ▀▀ █▀█▀█▄   █▄▄ ████
+████▀▄▀█▀█▄█ ▄▀█ ▀▄▀▀ ▀▀ █▄▄▀████
+███████▄▄█▄█▀██▄▀▀█▀ ▄▄▄ ▄ ▄ ████
+████ ▄▄▄▄▄ █  ▄▄ ██▀ █▄█ █▄  ████
+████ █   █ █▀█▀▄  ▀▀▄  ▄  ▀▀▀████
+████ █▄▄▄█ █▄  ▄▄▄█ █  █ █ ▄█████
+████▄▄▄▄▄▄▄█▄███▄█▄████▄▄▄▄▄▄████
+█████████████████████████████████
+▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
+       https://ubuntu.fr/
+              1338
+
+  1. Wait for authentication result
+  2. Regenerate code
+Or enter 'r' to go back to select the authentication method
+Choose action:
+> 2
+== Use a QR code ==
+Scan the qrcode or enter the code in the login page
+█████████████████████████████████████
+█████████████████████████████████████
+████ ▄▄▄▄▄ █ ▄▄ ▀█▀ ▄▄ ▄▀█ ▄▄▄▄▄ ████
+████ █   █ █▀▀▀▄█▄▄▄▀▀██▀█ █   █ ████
+████ █▄▄▄█ ███▀▄█▄▀██▀▀ ██ █▄▄▄█ ████
+████▄▄▄▄▄▄▄█ ▀ ▀▄▀ █▄▀ ▀ █▄▄▄▄▄▄▄████
+████ █▄ █▄▄▄█▀ ▀ ▄▄▀ ▄▄ ▀█ ▀▀▄█▄ ████
+████▀▀▀█▄█▄ ▄▄█▀▄▀  ███▀▀▄▀  █▄▄▀████
+████████ █▄▀ ▄█▄█▀██▄ █ ▀▀▀██▄ ▀▀████
+████▀▄ ▄▀▄▄█▄████▀▄▀█▄▄▄ ▄▄ ▀█▄ ▄████
+█████▄▀▄▀ ▄▄█▄█  ▀███▀█▄ ▄█▀▄ ▀ █████
+████▄█ ▀ ▄▄ ▄▀█▀▀██▀▀ ▀█▄█▀▀██ ██████
+█████▄██▄█▄▄  ██▄ ▀ █▀▀  ▄▄▄   ▀▀████
+████ ▄▄▄▄▄ █ ██▀ ▄██ ▀▄▄ █▄█  █ █████
+████ █   █ █▀▀▄▄▄█ ▄▀▀██▄ ▄  ▀▄ ▄████
+████ █▄▄▄█ █▄ ▀▄██ ▄ ██ ▀█▀ ▀▀▄▀▄████
+████▄▄▄▄▄▄▄█▄▄█▄▄█▄▄▄▄█▄▄▄▄██▄█▄█████
+█████████████████████████████████████
+▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
+     https://ubuntuforum-br.org/
+                1339
+
+  1. Wait for authentication result
+  2. Regenerate code
+Or enter 'r' to go back to select the authentication method
+Choose action:
+>
+────────────────────────────────────────────────────────────────────────────────
+> ./pam_authd login socket=${AUTHD_TEST_TAPE_SOCKET} force_native_client=true require_mfa=true
+== Provider selection ==
+  1. local
+  2. ExampleBroker
+Choose your provider:
+> 2
+== Password authentication ==
+Enter 'r' to cancel the request and go back to select the authentication method
+Gimme your password:
+>
+== Authentication method selection ==
+  1. Password authentication
+  2. Send URL to user-integration-native-authenticate-user-with-qr-code-requiring-mfa-auth@gmail
+.com
+  3. Use your fido device foo
+  4. Use your phone +33...
+  5. Use your phone +1...
+  6. Pin code
+  7. Use a QR code
+  8. Authentication code
+Or enter 'r' to go back to choose the provider
+Choose your authentication method:
+> 7
+== Use a QR code ==
+Scan the qrcode or enter the code in the login page
+█████████████████████████████████
+█████████████████████████████████
+████ ▄▄▄▄▄ █  ▀▀█▄██ █ ▄▄▄▄▄ ████
+████ █   █ █▀▄██ ▄▄▄██ █   █ ████
+████ █▄▄▄█ ██▄ █ ▄ ▄▄█ █▄▄▄█ ████
+████▄▄▄▄▄▄▄█ ▀▄▀▄▀ ▀▄█▄▄▄▄▄▄▄████
+████▄█ ▄█ ▄ ▀█▄▀▀▄▄█ █▄▀█▄█ ▄████
+█████▀█▀▄ ▄ ▄▀█▀▀▀ ▀█▄▀▄▄▀▀██████
+████▄  █▀█▄▄▄██ █▀█▀█▄   █▄▄ ████
+████▀▄  ▀▄▄█ ▄▄█ ▀▄▀▀ ▀▀ █▄▄▀████
+███████▄▄█▄█  ▀▄▀▀█▀ ▄▄▄ ▄ ▄ ████
+████ ▄▄▄▄▄ █  █▄ ██▀ █▄█ █▄  ████
+████ █   █ █▀▄ ▄  ▀▀▄  ▄  ▀▀▀████
+████ █▄▄▄█ █▄█▄▄▄▄█ █  █ █ ▄█████
+████▄▄▄▄▄▄▄█▄█▄█▄█▄████▄▄▄▄▄▄████
+█████████████████████████████████
+▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
+       https://ubuntu.com
+              1337
+
+  1. Wait for authentication result
+  2. Regenerate code
+Or enter 'r' to go back to select the authentication method
+Choose action:
+> 2
+== Use a QR code ==
+Scan the qrcode or enter the code in the login page
+█████████████████████████████████
+█████████████████████████████████
+████ ▄▄▄▄▄ █ ▄█▄▀ ████ ▄▄▄▄▄ ████
+████ █   █ █▀██▄█▄▄  █ █   █ ████
+████ █▄▄▄█ ██▀ █▄▄ ▄ █ █▄▄▄█ ████
+████▄▄▄▄▄▄▄█ ▀ ▀▄▀ ▀ █▄▄▄▄▄▄▄████
+████ █ ▄▀▄▄ █▀▄█▄▄▄█ █▄▀█▄█ ▄████
+████  █▄ ▄▄▄   ▀ ▀ ▀█▄▀▄▄▀▀██████
+████▄█▀ █▀▄█ ▀▀ █▀█▀█▄   █▄▄ ████
+████▀▄▀█▀█▄█ ▄▀█ ▀▄▀▀ ▀▀ █▄▄▀████
+███████▄▄█▄█▀██▄▀▀█▀ ▄▄▄ ▄ ▄ ████
+████ ▄▄▄▄▄ █  ▄▄ ██▀ █▄█ █▄  ████
+████ █   █ █▀█▀▄  ▀▀▄  ▄  ▀▀▀████
+████ █▄▄▄█ █▄  ▄▄▄█ █  █ █ ▄█████
+████▄▄▄▄▄▄▄█▄███▄█▄████▄▄▄▄▄▄████
+█████████████████████████████████
+▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
+       https://ubuntu.fr/
+              1338
+
+  1. Wait for authentication result
+  2. Regenerate code
+Or enter 'r' to go back to select the authentication method
+Choose action:
+> 2
+== Use a QR code ==
+Scan the qrcode or enter the code in the login page
+█████████████████████████████████████
+█████████████████████████████████████
+████ ▄▄▄▄▄ █ ▄▄ ▀█▀ ▄▄ ▄▀█ ▄▄▄▄▄ ████
+████ █   █ █▀▀▀▄█▄▄▄▀▀██▀█ █   █ ████
+████ █▄▄▄█ ███▀▄█▄▀██▀▀ ██ █▄▄▄█ ████
+████▄▄▄▄▄▄▄█ ▀ ▀▄▀ █▄▀ ▀ █▄▄▄▄▄▄▄████
+████ █▄ █▄▄▄█▀ ▀ ▄▄▀ ▄▄ ▀█ ▀▀▄█▄ ████
+████▀▀▀█▄█▄ ▄▄█▀▄▀  ███▀▀▄▀  █▄▄▀████
+████████ █▄▀ ▄█▄█▀██▄ █ ▀▀▀██▄ ▀▀████
+████▀▄ ▄▀▄▄█▄████▀▄▀█▄▄▄ ▄▄ ▀█▄ ▄████
+█████▄▀▄▀ ▄▄█▄█  ▀███▀█▄ ▄█▀▄ ▀ █████
+████▄█ ▀ ▄▄ ▄▀█▀▀██▀▀ ▀█▄█▀▀██ ██████
+█████▄██▄█▄▄  ██▄ ▀ █▀▀  ▄▄▄   ▀▀████
+████ ▄▄▄▄▄ █ ██▀ ▄██ ▀▄▄ █▄█  █ █████
+████ █   █ █▀▀▄▄▄█ ▄▀▀██▄ ▄  ▀▄ ▄████
+████ █▄▄▄█ █▄ ▀▄██ ▄ ██ ▀█▀ ▀▀▄▀▄████
+████▄▄▄▄▄▄▄█▄▄█▄▄█▄▄▄▄█▄▄▄▄██▄█▄█████
+█████████████████████████████████████
+▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
+     https://ubuntuforum-br.org/
+                1339
+
+  1. Wait for authentication result
+  2. Regenerate code
+Or enter 'r' to go back to select the authentication method
+Choose action:
+> 2
+────────────────────────────────────────────────────────────────────────────────
+> ./pam_authd login socket=${AUTHD_TEST_TAPE_SOCKET} force_native_client=true require_mfa=true
+== Provider selection ==
+  1. local
+  2. ExampleBroker
+Choose your provider:
+> 2
+== Password authentication ==
+Enter 'r' to cancel the request and go back to select the authentication method
+Gimme your password:
+>
+== Authentication method selection ==
+  1. Password authentication
+  2. Send URL to user-integration-native-authenticate-user-with-qr-code-requiring-mfa-auth@gmail
+.com
+  3. Use your fido device foo
+  4. Use your phone +33...
+  5. Use your phone +1...
+  6. Pin code
+  7. Use a QR code
+  8. Authentication code
+Or enter 'r' to go back to choose the provider
+Choose your authentication method:
+> 7
+== Use a QR code ==
+Scan the qrcode or enter the code in the login page
+█████████████████████████████████
+█████████████████████████████████
+████ ▄▄▄▄▄ █  ▀▀█▄██ █ ▄▄▄▄▄ ████
+████ █   █ █▀▄██ ▄▄▄██ █   █ ████
+████ █▄▄▄█ ██▄ █ ▄ ▄▄█ █▄▄▄█ ████
+████▄▄▄▄▄▄▄█ ▀▄▀▄▀ ▀▄█▄▄▄▄▄▄▄████
+████▄█ ▄█ ▄ ▀█▄▀▀▄▄█ █▄▀█▄█ ▄████
+█████▀█▀▄ ▄ ▄▀█▀▀▀ ▀█▄▀▄▄▀▀██████
+████▄  █▀█▄▄▄██ █▀█▀█▄   █▄▄ ████
+████▀▄  ▀▄▄█ ▄▄█ ▀▄▀▀ ▀▀ █▄▄▀████
+███████▄▄█▄█  ▀▄▀▀█▀ ▄▄▄ ▄ ▄ ████
+████ ▄▄▄▄▄ █  █▄ ██▀ █▄█ █▄  ████
+████ █   █ █▀▄ ▄  ▀▀▄  ▄  ▀▀▀████
+████ █▄▄▄█ █▄█▄▄▄▄█ █  █ █ ▄█████
+████▄▄▄▄▄▄▄█▄█▄█▄█▄████▄▄▄▄▄▄████
+█████████████████████████████████
+▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
+       https://ubuntu.com
+              1337
+
+  1. Wait for authentication result
+  2. Regenerate code
+Or enter 'r' to go back to select the authentication method
+Choose action:
+> 2
+== Use a QR code ==
+Scan the qrcode or enter the code in the login page
+█████████████████████████████████
+█████████████████████████████████
+████ ▄▄▄▄▄ █ ▄█▄▀ ████ ▄▄▄▄▄ ████
+████ █   █ █▀██▄█▄▄  █ █   █ ████
+████ █▄▄▄█ ██▀ █▄▄ ▄ █ █▄▄▄█ ████
+████▄▄▄▄▄▄▄█ ▀ ▀▄▀ ▀ █▄▄▄▄▄▄▄████
+████ █ ▄▀▄▄ █▀▄█▄▄▄█ █▄▀█▄█ ▄████
+████  █▄ ▄▄▄   ▀ ▀ ▀█▄▀▄▄▀▀██████
+████▄█▀ █▀▄█ ▀▀ █▀█▀█▄   █▄▄ ████
+████▀▄▀█▀█▄█ ▄▀█ ▀▄▀▀ ▀▀ █▄▄▀████
+███████▄▄█▄█▀██▄▀▀█▀ ▄▄▄ ▄ ▄ ████
+████ ▄▄▄▄▄ █  ▄▄ ██▀ █▄█ █▄  ████
+████ █   █ █▀█▀▄  ▀▀▄  ▄  ▀▀▀████
+████ █▄▄▄█ █▄  ▄▄▄█ █  █ █ ▄█████
+████▄▄▄▄▄▄▄█▄███▄█▄████▄▄▄▄▄▄████
+█████████████████████████████████
+▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
+       https://ubuntu.fr/
+              1338
+
+  1. Wait for authentication result
+  2. Regenerate code
+Or enter 'r' to go back to select the authentication method
+Choose action:
+> 2
+== Use a QR code ==
+Scan the qrcode or enter the code in the login page
+█████████████████████████████████████
+█████████████████████████████████████
+████ ▄▄▄▄▄ █ ▄▄ ▀█▀ ▄▄ ▄▀█ ▄▄▄▄▄ ████
+████ █   █ █▀▀▀▄█▄▄▄▀▀██▀█ █   █ ████
+████ █▄▄▄█ ███▀▄█▄▀██▀▀ ██ █▄▄▄█ ████
+████▄▄▄▄▄▄▄█ ▀ ▀▄▀ █▄▀ ▀ █▄▄▄▄▄▄▄████
+████ █▄ █▄▄▄█▀ ▀ ▄▄▀ ▄▄ ▀█ ▀▀▄█▄ ████
+████▀▀▀█▄█▄ ▄▄█▀▄▀  ███▀▀▄▀  █▄▄▀████
+████████ █▄▀ ▄█▄█▀██▄ █ ▀▀▀██▄ ▀▀████
+████▀▄ ▄▀▄▄█▄████▀▄▀█▄▄▄ ▄▄ ▀█▄ ▄████
+█████▄▀▄▀ ▄▄█▄█  ▀███▀█▄ ▄█▀▄ ▀ █████
+████▄█ ▀ ▄▄ ▄▀█▀▀██▀▀ ▀█▄█▀▀██ ██████
+█████▄██▄█▄▄  ██▄ ▀ █▀▀  ▄▄▄   ▀▀████
+████ ▄▄▄▄▄ █ ██▀ ▄██ ▀▄▄ █▄█  █ █████
+████ █   █ █▀▀▄▄▄█ ▄▀▀██▄ ▄  ▀▄ ▄████
+████ █▄▄▄█ █▄ ▀▄██ ▄ ██ ▀█▀ ▀▀▄▀▄████
+████▄▄▄▄▄▄▄█▄▄█▄▄█▄▄▄▄█▄▄▄▄██▄█▄█████
+█████████████████████████████████████
+▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
+     https://ubuntuforum-br.org/
+                1339
+
+  1. Wait for authentication result
+  2. Regenerate code
+Or enter 'r' to go back to select the authentication method
+Choose action:
+> 2
+== Use a QR code ==
+Scan the qrcode or enter the code in the login page
+█████████████████████████████████
+█████████████████████████████████
+████ ▄▄▄▄▄ █▀▄▀▀ ▀▀ ██ ▄▄▄▄▄ ████
+████ █   █ ██▄▀▄▀██▀▀█ █   █ ████
+████ █▄▄▄█ █▄▀▄ ▀   ██ █▄▄▄█ ████
+████▄▄▄▄▄▄▄█▄▀▄▀▄▀ █ █▄▄▄▄▄▄▄████
+████▄█▄▀▄▀▄▀▀█▄▀▀▄█▄ █▀█▄██▄▀████
+█████▄▀ █▄▄ █▀▄██▀ ▀▀▄ ▄██▄ ▄████
+█████  ▄█▀▄▄ █  ▄ ▀█▀▄ ▄█ █▄ ████
+████▄▀▀▀▄▄▄▄▀▄▀█▀▀██▄▄ ▄▀█▄ ▄████
+████▄███▄▄▄█▀█ ▄▄▄▄▀ ▄▄▄  █▀▀████
+████ ▄▄▄▄▄ ██▀██▀ █▄ █▄█  █  ████
+████ █   █ █▄  █ ▄██▄ ▄   ▀██████
+████ █▄▄▄█ █▄  █▄ ▀▄ █▀█ ▀█▀▄████
+████▄▄▄▄▄▄▄█▄▄███▄█▄▄██▄███▄▄████
+█████████████████████████████████
+▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
+   https://www.ubuntu-it.org/
+              1340
+
+  1. Wait for authentication result
+  2. Regenerate code
+Or enter 'r' to go back to select the authentication method
+Choose action:
+>
+────────────────────────────────────────────────────────────────────────────────
+> ./pam_authd login socket=${AUTHD_TEST_TAPE_SOCKET} force_native_client=true require_mfa=true
+== Provider selection ==
+  1. local
+  2. ExampleBroker
+Choose your provider:
+> 2
+== Password authentication ==
+Enter 'r' to cancel the request and go back to select the authentication method
+Gimme your password:
+>
+== Authentication method selection ==
+  1. Password authentication
+  2. Send URL to user-integration-native-authenticate-user-with-qr-code-requiring-mfa-auth@gmail
+.com
+  3. Use your fido device foo
+  4. Use your phone +33...
+  5. Use your phone +1...
+  6. Pin code
+  7. Use a QR code
+  8. Authentication code
+Or enter 'r' to go back to choose the provider
+Choose your authentication method:
+> 7
+== Use a QR code ==
+Scan the qrcode or enter the code in the login page
+█████████████████████████████████
+█████████████████████████████████
+████ ▄▄▄▄▄ █  ▀▀█▄██ █ ▄▄▄▄▄ ████
+████ █   █ █▀▄██ ▄▄▄██ █   █ ████
+████ █▄▄▄█ ██▄ █ ▄ ▄▄█ █▄▄▄█ ████
+████▄▄▄▄▄▄▄█ ▀▄▀▄▀ ▀▄█▄▄▄▄▄▄▄████
+████▄█ ▄█ ▄ ▀█▄▀▀▄▄█ █▄▀█▄█ ▄████
+█████▀█▀▄ ▄ ▄▀█▀▀▀ ▀█▄▀▄▄▀▀██████
+████▄  █▀█▄▄▄██ █▀█▀█▄   █▄▄ ████
+████▀▄  ▀▄▄█ ▄▄█ ▀▄▀▀ ▀▀ █▄▄▀████
+███████▄▄█▄█  ▀▄▀▀█▀ ▄▄▄ ▄ ▄ ████
+████ ▄▄▄▄▄ █  █▄ ██▀ █▄█ █▄  ████
+████ █   █ █▀▄ ▄  ▀▀▄  ▄  ▀▀▀████
+████ █▄▄▄█ █▄█▄▄▄▄█ █  █ █ ▄█████
+████▄▄▄▄▄▄▄█▄█▄█▄█▄████▄▄▄▄▄▄████
+█████████████████████████████████
+▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
+       https://ubuntu.com
+              1337
+
+  1. Wait for authentication result
+  2. Regenerate code
+Or enter 'r' to go back to select the authentication method
+Choose action:
+> 2
+== Use a QR code ==
+Scan the qrcode or enter the code in the login page
+█████████████████████████████████
+█████████████████████████████████
+████ ▄▄▄▄▄ █ ▄█▄▀ ████ ▄▄▄▄▄ ████
+████ █   █ █▀██▄█▄▄  █ █   █ ████
+████ █▄▄▄█ ██▀ █▄▄ ▄ █ █▄▄▄█ ████
+████▄▄▄▄▄▄▄█ ▀ ▀▄▀ ▀ █▄▄▄▄▄▄▄████
+████ █ ▄▀▄▄ █▀▄█▄▄▄█ █▄▀█▄█ ▄████
+████  █▄ ▄▄▄   ▀ ▀ ▀█▄▀▄▄▀▀██████
+████▄█▀ █▀▄█ ▀▀ █▀█▀█▄   █▄▄ ████
+████▀▄▀█▀█▄█ ▄▀█ ▀▄▀▀ ▀▀ █▄▄▀████
+███████▄▄█▄█▀██▄▀▀█▀ ▄▄▄ ▄ ▄ ████
+████ ▄▄▄▄▄ █  ▄▄ ██▀ █▄█ █▄  ████
+████ █   █ █▀█▀▄  ▀▀▄  ▄  ▀▀▀████
+████ █▄▄▄█ █▄  ▄▄▄█ █  █ █ ▄█████
+████▄▄▄▄▄▄▄█▄███▄█▄████▄▄▄▄▄▄████
+█████████████████████████████████
+▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
+       https://ubuntu.fr/
+              1338
+
+  1. Wait for authentication result
+  2. Regenerate code
+Or enter 'r' to go back to select the authentication method
+Choose action:
+> 2
+== Use a QR code ==
+Scan the qrcode or enter the code in the login page
+█████████████████████████████████████
+█████████████████████████████████████
+████ ▄▄▄▄▄ █ ▄▄ ▀█▀ ▄▄ ▄▀█ ▄▄▄▄▄ ████
+████ █   █ █▀▀▀▄█▄▄▄▀▀██▀█ █   █ ████
+████ █▄▄▄█ ███▀▄█▄▀██▀▀ ██ █▄▄▄█ ████
+████▄▄▄▄▄▄▄█ ▀ ▀▄▀ █▄▀ ▀ █▄▄▄▄▄▄▄████
+████ █▄ █▄▄▄█▀ ▀ ▄▄▀ ▄▄ ▀█ ▀▀▄█▄ ████
+████▀▀▀█▄█▄ ▄▄█▀▄▀  ███▀▀▄▀  █▄▄▀████
+████████ █▄▀ ▄█▄█▀██▄ █ ▀▀▀██▄ ▀▀████
+████▀▄ ▄▀▄▄█▄████▀▄▀█▄▄▄ ▄▄ ▀█▄ ▄████
+█████▄▀▄▀ ▄▄█▄█  ▀███▀█▄ ▄█▀▄ ▀ █████
+████▄█ ▀ ▄▄ ▄▀█▀▀██▀▀ ▀█▄█▀▀██ ██████
+█████▄██▄█▄▄  ██▄ ▀ █▀▀  ▄▄▄   ▀▀████
+████ ▄▄▄▄▄ █ ██▀ ▄██ ▀▄▄ █▄█  █ █████
+████ █   █ █▀▀▄▄▄█ ▄▀▀██▄ ▄  ▀▄ ▄████
+████ █▄▄▄█ █▄ ▀▄██ ▄ ██ ▀█▀ ▀▀▄▀▄████
+████▄▄▄▄▄▄▄█▄▄█▄▄█▄▄▄▄█▄▄▄▄██▄█▄█████
+█████████████████████████████████████
+▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
+     https://ubuntuforum-br.org/
+                1339
+
+  1. Wait for authentication result
+  2. Regenerate code
+Or enter 'r' to go back to select the authentication method
+Choose action:
+> 2
+== Use a QR code ==
+Scan the qrcode or enter the code in the login page
+█████████████████████████████████
+█████████████████████████████████
+████ ▄▄▄▄▄ █▀▄▀▀ ▀▀ ██ ▄▄▄▄▄ ████
+████ █   █ ██▄▀▄▀██▀▀█ █   █ ████
+████ █▄▄▄█ █▄▀▄ ▀   ██ █▄▄▄█ ████
+████▄▄▄▄▄▄▄█▄▀▄▀▄▀ █ █▄▄▄▄▄▄▄████
+████▄█▄▀▄▀▄▀▀█▄▀▀▄█▄ █▀█▄██▄▀████
+█████▄▀ █▄▄ █▀▄██▀ ▀▀▄ ▄██▄ ▄████
+█████  ▄█▀▄▄ █  ▄ ▀█▀▄ ▄█ █▄ ████
+████▄▀▀▀▄▄▄▄▀▄▀█▀▀██▄▄ ▄▀█▄ ▄████
+████▄███▄▄▄█▀█ ▄▄▄▄▀ ▄▄▄  █▀▀████
+████ ▄▄▄▄▄ ██▀██▀ █▄ █▄█  █  ████
+████ █   █ █▄  █ ▄██▄ ▄   ▀██████
+████ █▄▄▄█ █▄  █▄ ▀▄ █▀█ ▀█▀▄████
+████▄▄▄▄▄▄▄█▄▄███▄█▄▄██▄███▄▄████
+█████████████████████████████████
+▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
+   https://www.ubuntu-it.org/
+              1340
+
+  1. Wait for authentication result
+  2. Regenerate code
+Or enter 'r' to go back to select the authentication method
+Choose action:
+> 2
+────────────────────────────────────────────────────────────────────────────────
+> ./pam_authd login socket=${AUTHD_TEST_TAPE_SOCKET} force_native_client=true require_mfa=true
+== Provider selection ==
+  1. local
+  2. ExampleBroker
+Choose your provider:
+> 2
+== Password authentication ==
+Enter 'r' to cancel the request and go back to select the authentication method
+Gimme your password:
+>
+== Authentication method selection ==
+  1. Password authentication
+  2. Send URL to user-integration-native-authenticate-user-with-qr-code-requiring-mfa-auth@gmail
+.com
+  3. Use your fido device foo
+  4. Use your phone +33...
+  5. Use your phone +1...
+  6. Pin code
+  7. Use a QR code
+  8. Authentication code
+Or enter 'r' to go back to choose the provider
+Choose your authentication method:
+> 7
+== Use a QR code ==
+Scan the qrcode or enter the code in the login page
+█████████████████████████████████
+█████████████████████████████████
+████ ▄▄▄▄▄ █  ▀▀█▄██ █ ▄▄▄▄▄ ████
+████ █   █ █▀▄██ ▄▄▄██ █   █ ████
+████ █▄▄▄█ ██▄ █ ▄ ▄▄█ █▄▄▄█ ████
+████▄▄▄▄▄▄▄█ ▀▄▀▄▀ ▀▄█▄▄▄▄▄▄▄████
+████▄█ ▄█ ▄ ▀█▄▀▀▄▄█ █▄▀█▄█ ▄████
+█████▀█▀▄ ▄ ▄▀█▀▀▀ ▀█▄▀▄▄▀▀██████
+████▄  █▀█▄▄▄██ █▀█▀█▄   █▄▄ ████
+████▀▄  ▀▄▄█ ▄▄█ ▀▄▀▀ ▀▀ █▄▄▀████
+███████▄▄█▄█  ▀▄▀▀█▀ ▄▄▄ ▄ ▄ ████
+████ ▄▄▄▄▄ █  █▄ ██▀ █▄█ █▄  ████
+████ █   █ █▀▄ ▄  ▀▀▄  ▄  ▀▀▀████
+████ █▄▄▄█ █▄█▄▄▄▄█ █  █ █ ▄█████
+████▄▄▄▄▄▄▄█▄█▄█▄█▄████▄▄▄▄▄▄████
+█████████████████████████████████
+▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
+       https://ubuntu.com
+              1337
+
+  1. Wait for authentication result
+  2. Regenerate code
+Or enter 'r' to go back to select the authentication method
+Choose action:
+> 2
+== Use a QR code ==
+Scan the qrcode or enter the code in the login page
+█████████████████████████████████
+█████████████████████████████████
+████ ▄▄▄▄▄ █ ▄█▄▀ ████ ▄▄▄▄▄ ████
+████ █   █ █▀██▄█▄▄  █ █   █ ████
+████ █▄▄▄█ ██▀ █▄▄ ▄ █ █▄▄▄█ ████
+████▄▄▄▄▄▄▄█ ▀ ▀▄▀ ▀ █▄▄▄▄▄▄▄████
+████ █ ▄▀▄▄ █▀▄█▄▄▄█ █▄▀█▄█ ▄████
+████  █▄ ▄▄▄   ▀ ▀ ▀█▄▀▄▄▀▀██████
+████▄█▀ █▀▄█ ▀▀ █▀█▀█▄   █▄▄ ████
+████▀▄▀█▀█▄█ ▄▀█ ▀▄▀▀ ▀▀ █▄▄▀████
+███████▄▄█▄█▀██▄▀▀█▀ ▄▄▄ ▄ ▄ ████
+████ ▄▄▄▄▄ █  ▄▄ ██▀ █▄█ █▄  ████
+████ █   █ █▀█▀▄  ▀▀▄  ▄  ▀▀▀████
+████ █▄▄▄█ █▄  ▄▄▄█ █  █ █ ▄█████
+████▄▄▄▄▄▄▄█▄███▄█▄████▄▄▄▄▄▄████
+█████████████████████████████████
+▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
+       https://ubuntu.fr/
+              1338
+
+  1. Wait for authentication result
+  2. Regenerate code
+Or enter 'r' to go back to select the authentication method
+Choose action:
+> 2
+== Use a QR code ==
+Scan the qrcode or enter the code in the login page
+█████████████████████████████████████
+█████████████████████████████████████
+████ ▄▄▄▄▄ █ ▄▄ ▀█▀ ▄▄ ▄▀█ ▄▄▄▄▄ ████
+████ █   █ █▀▀▀▄█▄▄▄▀▀██▀█ █   █ ████
+████ █▄▄▄█ ███▀▄█▄▀██▀▀ ██ █▄▄▄█ ████
+████▄▄▄▄▄▄▄█ ▀ ▀▄▀ █▄▀ ▀ █▄▄▄▄▄▄▄████
+████ █▄ █▄▄▄█▀ ▀ ▄▄▀ ▄▄ ▀█ ▀▀▄█▄ ████
+████▀▀▀█▄█▄ ▄▄█▀▄▀  ███▀▀▄▀  █▄▄▀████
+████████ █▄▀ ▄█▄█▀██▄ █ ▀▀▀██▄ ▀▀████
+████▀▄ ▄▀▄▄█▄████▀▄▀█▄▄▄ ▄▄ ▀█▄ ▄████
+█████▄▀▄▀ ▄▄█▄█  ▀███▀█▄ ▄█▀▄ ▀ █████
+████▄█ ▀ ▄▄ ▄▀█▀▀██▀▀ ▀█▄█▀▀██ ██████
+█████▄██▄█▄▄  ██▄ ▀ █▀▀  ▄▄▄   ▀▀████
+████ ▄▄▄▄▄ █ ██▀ ▄██ ▀▄▄ █▄█  █ █████
+████ █   █ █▀▀▄▄▄█ ▄▀▀██▄ ▄  ▀▄ ▄████
+████ █▄▄▄█ █▄ ▀▄██ ▄ ██ ▀█▀ ▀▀▄▀▄████
+████▄▄▄▄▄▄▄█▄▄█▄▄█▄▄▄▄█▄▄▄▄██▄█▄█████
+█████████████████████████████████████
+▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
+     https://ubuntuforum-br.org/
+                1339
+
+  1. Wait for authentication result
+  2. Regenerate code
+Or enter 'r' to go back to select the authentication method
+Choose action:
+> 2
+== Use a QR code ==
+Scan the qrcode or enter the code in the login page
+█████████████████████████████████
+█████████████████████████████████
+████ ▄▄▄▄▄ █▀▄▀▀ ▀▀ ██ ▄▄▄▄▄ ████
+████ █   █ ██▄▀▄▀██▀▀█ █   █ ████
+████ █▄▄▄█ █▄▀▄ ▀   ██ █▄▄▄█ ████
+████▄▄▄▄▄▄▄█▄▀▄▀▄▀ █ █▄▄▄▄▄▄▄████
+████▄█▄▀▄▀▄▀▀█▄▀▀▄█▄ █▀█▄██▄▀████
+█████▄▀ █▄▄ █▀▄██▀ ▀▀▄ ▄██▄ ▄████
+█████  ▄█▀▄▄ █  ▄ ▀█▀▄ ▄█ █▄ ████
+████▄▀▀▀▄▄▄▄▀▄▀█▀▀██▄▄ ▄▀█▄ ▄████
+████▄███▄▄▄█▀█ ▄▄▄▄▀ ▄▄▄  █▀▀████
+████ ▄▄▄▄▄ ██▀██▀ █▄ █▄█  █  ████
+████ █   █ █▄  █ ▄██▄ ▄   ▀██████
+████ █▄▄▄█ █▄  █▄ ▀▄ █▀█ ▀█▀▄████
+████▄▄▄▄▄▄▄█▄▄███▄█▄▄██▄███▄▄████
+█████████████████████████████████
+▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
+   https://www.ubuntu-it.org/
+              1340
+
+  1. Wait for authentication result
+  2. Regenerate code
+Or enter 'r' to go back to select the authentication method
+Choose action:
+> 2
+== Use a QR code ==
+Scan the qrcode or enter the code in the login page
+█████████████████████████████████
+█████████████████████████████████
+████ ▄▄▄▄▄ █  ▀▀█▄██ █ ▄▄▄▄▄ ████
+████ █   █ █▀▄██ ▄▄▄██ █   █ ████
+████ █▄▄▄█ ██▄ █ ▄ ▄▄█ █▄▄▄█ ████
+████▄▄▄▄▄▄▄█ ▀▄▀▄▀ ▀▄█▄▄▄▄▄▄▄████
+████▄█ ▄█ ▄ ▀█▄▀▀▄▄█ █▄▀█▄█ ▄████
+█████▀█▀▄ ▄ ▄▀█▀▀▀ ▀█▄▀▄▄▀▀██████
+████▄  █▀█▄▄▄██ █▀█▀█▄   █▄▄ ████
+████▀▄  ▀▄▄█ ▄▄█ ▀▄▀▀ ▀▀ █▄▄▀████
+███████▄▄█▄█  ▀▄▀▀█▀ ▄▄▄ ▄ ▄ ████
+████ ▄▄▄▄▄ █  █▄ ██▀ █▄█ █▄  ████
+████ █   █ █▀▄ ▄  ▀▀▄  ▄  ▀▀▀████
+████ █▄▄▄█ █▄█▄▄▄▄█ █  █ █ ▄█████
+████▄▄▄▄▄▄▄█▄█▄█▄█▄████▄▄▄▄▄▄████
+█████████████████████████████████
+▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
+       https://ubuntu.com
+              1341
+
+  1. Wait for authentication result
+  2. Regenerate code
+Or enter 'r' to go back to select the authentication method
+Choose action:
+>
+────────────────────────────────────────────────────────────────────────────────
+> ./pam_authd login socket=${AUTHD_TEST_TAPE_SOCKET} force_native_client=true require_mfa=true
+== Provider selection ==
+  1. local
+  2. ExampleBroker
+Choose your provider:
+> 2
+== Password authentication ==
+Enter 'r' to cancel the request and go back to select the authentication method
+Gimme your password:
+>
+== Authentication method selection ==
+  1. Password authentication
+  2. Send URL to user-integration-native-authenticate-user-with-qr-code-requiring-mfa-auth@gmail
+.com
+  3. Use your fido device foo
+  4. Use your phone +33...
+  5. Use your phone +1...
+  6. Pin code
+  7. Use a QR code
+  8. Authentication code
+Or enter 'r' to go back to choose the provider
+Choose your authentication method:
+> 7
+== Use a QR code ==
+Scan the qrcode or enter the code in the login page
+█████████████████████████████████
+█████████████████████████████████
+████ ▄▄▄▄▄ █  ▀▀█▄██ █ ▄▄▄▄▄ ████
+████ █   █ █▀▄██ ▄▄▄██ █   █ ████
+████ █▄▄▄█ ██▄ █ ▄ ▄▄█ █▄▄▄█ ████
+████▄▄▄▄▄▄▄█ ▀▄▀▄▀ ▀▄█▄▄▄▄▄▄▄████
+████▄█ ▄█ ▄ ▀█▄▀▀▄▄█ █▄▀█▄█ ▄████
+█████▀█▀▄ ▄ ▄▀█▀▀▀ ▀█▄▀▄▄▀▀██████
+████▄  █▀█▄▄▄██ █▀█▀█▄   █▄▄ ████
+████▀▄  ▀▄▄█ ▄▄█ ▀▄▀▀ ▀▀ █▄▄▀████
+███████▄▄█▄█  ▀▄▀▀█▀ ▄▄▄ ▄ ▄ ████
+████ ▄▄▄▄▄ █  █▄ ██▀ █▄█ █▄  ████
+████ █   █ █▀▄ ▄  ▀▀▄  ▄  ▀▀▀████
+████ █▄▄▄█ █▄█▄▄▄▄█ █  █ █ ▄█████
+████▄▄▄▄▄▄▄█▄█▄█▄█▄████▄▄▄▄▄▄████
+█████████████████████████████████
+▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
+       https://ubuntu.com
+              1337
+
+  1. Wait for authentication result
+  2. Regenerate code
+Or enter 'r' to go back to select the authentication method
+Choose action:
+> 2
+== Use a QR code ==
+Scan the qrcode or enter the code in the login page
+█████████████████████████████████
+█████████████████████████████████
+████ ▄▄▄▄▄ █ ▄█▄▀ ████ ▄▄▄▄▄ ████
+████ █   █ █▀██▄█▄▄  █ █   █ ████
+████ █▄▄▄█ ██▀ █▄▄ ▄ █ █▄▄▄█ ████
+████▄▄▄▄▄▄▄█ ▀ ▀▄▀ ▀ █▄▄▄▄▄▄▄████
+████ █ ▄▀▄▄ █▀▄█▄▄▄█ █▄▀█▄█ ▄████
+████  █▄ ▄▄▄   ▀ ▀ ▀█▄▀▄▄▀▀██████
+████▄█▀ █▀▄█ ▀▀ █▀█▀█▄   █▄▄ ████
+████▀▄▀█▀█▄█ ▄▀█ ▀▄▀▀ ▀▀ █▄▄▀████
+███████▄▄█▄█▀██▄▀▀█▀ ▄▄▄ ▄ ▄ ████
+████ ▄▄▄▄▄ █  ▄▄ ██▀ █▄█ █▄  ████
+████ █   █ █▀█▀▄  ▀▀▄  ▄  ▀▀▀████
+████ █▄▄▄█ █▄  ▄▄▄█ █  █ █ ▄█████
+████▄▄▄▄▄▄▄█▄███▄█▄████▄▄▄▄▄▄████
+█████████████████████████████████
+▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
+       https://ubuntu.fr/
+              1338
+
+  1. Wait for authentication result
+  2. Regenerate code
+Or enter 'r' to go back to select the authentication method
+Choose action:
+> 2
+== Use a QR code ==
+Scan the qrcode or enter the code in the login page
+█████████████████████████████████████
+█████████████████████████████████████
+████ ▄▄▄▄▄ █ ▄▄ ▀█▀ ▄▄ ▄▀█ ▄▄▄▄▄ ████
+████ █   █ █▀▀▀▄█▄▄▄▀▀██▀█ █   █ ████
+████ █▄▄▄█ ███▀▄█▄▀██▀▀ ██ █▄▄▄█ ████
+████▄▄▄▄▄▄▄█ ▀ ▀▄▀ █▄▀ ▀ █▄▄▄▄▄▄▄████
+████ █▄ █▄▄▄█▀ ▀ ▄▄▀ ▄▄ ▀█ ▀▀▄█▄ ████
+████▀▀▀█▄█▄ ▄▄█▀▄▀  ███▀▀▄▀  █▄▄▀████
+████████ █▄▀ ▄█▄█▀██▄ █ ▀▀▀██▄ ▀▀████
+████▀▄ ▄▀▄▄█▄████▀▄▀█▄▄▄ ▄▄ ▀█▄ ▄████
+█████▄▀▄▀ ▄▄█▄█  ▀███▀█▄ ▄█▀▄ ▀ █████
+████▄█ ▀ ▄▄ ▄▀█▀▀██▀▀ ▀█▄█▀▀██ ██████
+█████▄██▄█▄▄  ██▄ ▀ █▀▀  ▄▄▄   ▀▀████
+████ ▄▄▄▄▄ █ ██▀ ▄██ ▀▄▄ █▄█  █ █████
+████ █   █ █▀▀▄▄▄█ ▄▀▀██▄ ▄  ▀▄ ▄████
+████ █▄▄▄█ █▄ ▀▄██ ▄ ██ ▀█▀ ▀▀▄▀▄████
+████▄▄▄▄▄▄▄█▄▄█▄▄█▄▄▄▄█▄▄▄▄██▄█▄█████
+█████████████████████████████████████
+▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
+     https://ubuntuforum-br.org/
+                1339
+
+  1. Wait for authentication result
+  2. Regenerate code
+Or enter 'r' to go back to select the authentication method
+Choose action:
+> 2
+== Use a QR code ==
+Scan the qrcode or enter the code in the login page
+█████████████████████████████████
+█████████████████████████████████
+████ ▄▄▄▄▄ █▀▄▀▀ ▀▀ ██ ▄▄▄▄▄ ████
+████ █   █ ██▄▀▄▀██▀▀█ █   █ ████
+████ █▄▄▄█ █▄▀▄ ▀   ██ █▄▄▄█ ████
+████▄▄▄▄▄▄▄█▄▀▄▀▄▀ █ █▄▄▄▄▄▄▄████
+████▄█▄▀▄▀▄▀▀█▄▀▀▄█▄ █▀█▄██▄▀████
+█████▄▀ █▄▄ █▀▄██▀ ▀▀▄ ▄██▄ ▄████
+█████  ▄█▀▄▄ █  ▄ ▀█▀▄ ▄█ █▄ ████
+████▄▀▀▀▄▄▄▄▀▄▀█▀▀██▄▄ ▄▀█▄ ▄████
+████▄███▄▄▄█▀█ ▄▄▄▄▀ ▄▄▄  █▀▀████
+████ ▄▄▄▄▄ ██▀██▀ █▄ █▄█  █  ████
+████ █   █ █▄  █ ▄██▄ ▄   ▀██████
+████ █▄▄▄█ █▄  █▄ ▀▄ █▀█ ▀█▀▄████
+████▄▄▄▄▄▄▄█▄▄███▄█▄▄██▄███▄▄████
+█████████████████████████████████
+▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
+   https://www.ubuntu-it.org/
+              1340
+
+  1. Wait for authentication result
+  2. Regenerate code
+Or enter 'r' to go back to select the authentication method
+Choose action:
+> 2
+== Use a QR code ==
+Scan the qrcode or enter the code in the login page
+█████████████████████████████████
+█████████████████████████████████
+████ ▄▄▄▄▄ █  ▀▀█▄██ █ ▄▄▄▄▄ ████
+████ █   █ █▀▄██ ▄▄▄██ █   █ ████
+████ █▄▄▄█ ██▄ █ ▄ ▄▄█ █▄▄▄█ ████
+████▄▄▄▄▄▄▄█ ▀▄▀▄▀ ▀▄█▄▄▄▄▄▄▄████
+████▄█ ▄█ ▄ ▀█▄▀▀▄▄█ █▄▀█▄█ ▄████
+█████▀█▀▄ ▄ ▄▀█▀▀▀ ▀█▄▀▄▄▀▀██████
+████▄  █▀█▄▄▄██ █▀█▀█▄   █▄▄ ████
+████▀▄  ▀▄▄█ ▄▄█ ▀▄▀▀ ▀▀ █▄▄▀████
+███████▄▄█▄█  ▀▄▀▀█▀ ▄▄▄ ▄ ▄ ████
+████ ▄▄▄▄▄ █  █▄ ██▀ █▄█ █▄  ████
+████ █   █ █▀▄ ▄  ▀▀▄  ▄  ▀▀▀████
+████ █▄▄▄█ █▄█▄▄▄▄█ █  █ █ ▄█████
+████▄▄▄▄▄▄▄█▄█▄█▄█▄████▄▄▄▄▄▄████
+█████████████████████████████████
+▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
+       https://ubuntu.com
+              1341
+
+  1. Wait for authentication result
+  2. Regenerate code
+Or enter 'r' to go back to select the authentication method
+Choose action:
+> 1
+────────────────────────────────────────────────────────────────────────────────
+> ./pam_authd login socket=${AUTHD_TEST_TAPE_SOCKET} force_native_client=true require_mfa=true
+== Provider selection ==
+  1. local
+  2. ExampleBroker
+Choose your provider:
+> 2
+== Password authentication ==
+Enter 'r' to cancel the request and go back to select the authentication method
+Gimme your password:
+>
+== Authentication method selection ==
+  1. Password authentication
+  2. Send URL to user-integration-native-authenticate-user-with-qr-code-requiring-mfa-auth@gmail
+.com
+  3. Use your fido device foo
+  4. Use your phone +33...
+  5. Use your phone +1...
+  6. Pin code
+  7. Use a QR code
+  8. Authentication code
+Or enter 'r' to go back to choose the provider
+Choose your authentication method:
+> 7
+== Use a QR code ==
+Scan the qrcode or enter the code in the login page
+█████████████████████████████████
+█████████████████████████████████
+████ ▄▄▄▄▄ █  ▀▀█▄██ █ ▄▄▄▄▄ ████
+████ █   █ █▀▄██ ▄▄▄██ █   █ ████
+████ █▄▄▄█ ██▄ █ ▄ ▄▄█ █▄▄▄█ ████
+████▄▄▄▄▄▄▄█ ▀▄▀▄▀ ▀▄█▄▄▄▄▄▄▄████
+████▄█ ▄█ ▄ ▀█▄▀▀▄▄█ █▄▀█▄█ ▄████
+█████▀█▀▄ ▄ ▄▀█▀▀▀ ▀█▄▀▄▄▀▀██████
+████▄  █▀█▄▄▄██ █▀█▀█▄   █▄▄ ████
+████▀▄  ▀▄▄█ ▄▄█ ▀▄▀▀ ▀▀ █▄▄▀████
+███████▄▄█▄█  ▀▄▀▀█▀ ▄▄▄ ▄ ▄ ████
+████ ▄▄▄▄▄ █  █▄ ██▀ █▄█ █▄  ████
+████ █   █ █▀▄ ▄  ▀▀▄  ▄  ▀▀▀████
+████ █▄▄▄█ █▄█▄▄▄▄█ █  █ █ ▄█████
+████▄▄▄▄▄▄▄█▄█▄█▄█▄████▄▄▄▄▄▄████
+█████████████████████████████████
+▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
+       https://ubuntu.com
+              1337
+
+  1. Wait for authentication result
+  2. Regenerate code
+Or enter 'r' to go back to select the authentication method
+Choose action:
+> 2
+== Use a QR code ==
+Scan the qrcode or enter the code in the login page
+█████████████████████████████████
+█████████████████████████████████
+████ ▄▄▄▄▄ █ ▄█▄▀ ████ ▄▄▄▄▄ ████
+████ █   █ █▀██▄█▄▄  █ █   █ ████
+████ █▄▄▄█ ██▀ █▄▄ ▄ █ █▄▄▄█ ████
+████▄▄▄▄▄▄▄█ ▀ ▀▄▀ ▀ █▄▄▄▄▄▄▄████
+████ █ ▄▀▄▄ █▀▄█▄▄▄█ █▄▀█▄█ ▄████
+████  █▄ ▄▄▄   ▀ ▀ ▀█▄▀▄▄▀▀██████
+████▄█▀ █▀▄█ ▀▀ █▀█▀█▄   █▄▄ ████
+████▀▄▀█▀█▄█ ▄▀█ ▀▄▀▀ ▀▀ █▄▄▀████
+███████▄▄█▄█▀██▄▀▀█▀ ▄▄▄ ▄ ▄ ████
+████ ▄▄▄▄▄ █  ▄▄ ██▀ █▄█ █▄  ████
+████ █   █ █▀█▀▄  ▀▀▄  ▄  ▀▀▀████
+████ █▄▄▄█ █▄  ▄▄▄█ █  █ █ ▄█████
+████▄▄▄▄▄▄▄█▄███▄█▄████▄▄▄▄▄▄████
+█████████████████████████████████
+▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
+       https://ubuntu.fr/
+              1338
+
+  1. Wait for authentication result
+  2. Regenerate code
+Or enter 'r' to go back to select the authentication method
+Choose action:
+> 2
+== Use a QR code ==
+Scan the qrcode or enter the code in the login page
+█████████████████████████████████████
+█████████████████████████████████████
+████ ▄▄▄▄▄ █ ▄▄ ▀█▀ ▄▄ ▄▀█ ▄▄▄▄▄ ████
+████ █   █ █▀▀▀▄█▄▄▄▀▀██▀█ █   █ ████
+████ █▄▄▄█ ███▀▄█▄▀██▀▀ ██ █▄▄▄█ ████
+████▄▄▄▄▄▄▄█ ▀ ▀▄▀ █▄▀ ▀ █▄▄▄▄▄▄▄████
+████ █▄ █▄▄▄█▀ ▀ ▄▄▀ ▄▄ ▀█ ▀▀▄█▄ ████
+████▀▀▀█▄█▄ ▄▄█▀▄▀  ███▀▀▄▀  █▄▄▀████
+████████ █▄▀ ▄█▄█▀██▄ █ ▀▀▀██▄ ▀▀████
+████▀▄ ▄▀▄▄█▄████▀▄▀█▄▄▄ ▄▄ ▀█▄ ▄████
+█████▄▀▄▀ ▄▄█▄█  ▀███▀█▄ ▄█▀▄ ▀ █████
+████▄█ ▀ ▄▄ ▄▀█▀▀██▀▀ ▀█▄█▀▀██ ██████
+█████▄██▄█▄▄  ██▄ ▀ █▀▀  ▄▄▄   ▀▀████
+████ ▄▄▄▄▄ █ ██▀ ▄██ ▀▄▄ █▄█  █ █████
+████ █   █ █▀▀▄▄▄█ ▄▀▀██▄ ▄  ▀▄ ▄████
+████ █▄▄▄█ █▄ ▀▄██ ▄ ██ ▀█▀ ▀▀▄▀▄████
+████▄▄▄▄▄▄▄█▄▄█▄▄█▄▄▄▄█▄▄▄▄██▄█▄█████
+█████████████████████████████████████
+▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
+     https://ubuntuforum-br.org/
+                1339
+
+  1. Wait for authentication result
+  2. Regenerate code
+Or enter 'r' to go back to select the authentication method
+Choose action:
+> 2
+== Use a QR code ==
+Scan the qrcode or enter the code in the login page
+█████████████████████████████████
+█████████████████████████████████
+████ ▄▄▄▄▄ █▀▄▀▀ ▀▀ ██ ▄▄▄▄▄ ████
+████ █   █ ██▄▀▄▀██▀▀█ █   █ ████
+████ █▄▄▄█ █▄▀▄ ▀   ██ █▄▄▄█ ████
+████▄▄▄▄▄▄▄█▄▀▄▀▄▀ █ █▄▄▄▄▄▄▄████
+████▄█▄▀▄▀▄▀▀█▄▀▀▄█▄ █▀█▄██▄▀████
+█████▄▀ █▄▄ █▀▄██▀ ▀▀▄ ▄██▄ ▄████
+█████  ▄█▀▄▄ █  ▄ ▀█▀▄ ▄█ █▄ ████
+████▄▀▀▀▄▄▄▄▀▄▀█▀▀██▄▄ ▄▀█▄ ▄████
+████▄███▄▄▄█▀█ ▄▄▄▄▀ ▄▄▄  █▀▀████
+████ ▄▄▄▄▄ ██▀██▀ █▄ █▄█  █  ████
+████ █   █ █▄  █ ▄██▄ ▄   ▀██████
+████ █▄▄▄█ █▄  █▄ ▀▄ █▀█ ▀█▀▄████
+████▄▄▄▄▄▄▄█▄▄███▄█▄▄██▄███▄▄████
+█████████████████████████████████
+▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
+   https://www.ubuntu-it.org/
+              1340
+
+  1. Wait for authentication result
+  2. Regenerate code
+Or enter 'r' to go back to select the authentication method
+Choose action:
+> 2
+== Use a QR code ==
+Scan the qrcode or enter the code in the login page
+█████████████████████████████████
+█████████████████████████████████
+████ ▄▄▄▄▄ █  ▀▀█▄██ █ ▄▄▄▄▄ ████
+████ █   █ █▀▄██ ▄▄▄██ █   █ ████
+████ █▄▄▄█ ██▄ █ ▄ ▄▄█ █▄▄▄█ ████
+████▄▄▄▄▄▄▄█ ▀▄▀▄▀ ▀▄█▄▄▄▄▄▄▄████
+████▄█ ▄█ ▄ ▀█▄▀▀▄▄█ █▄▀█▄█ ▄████
+█████▀█▀▄ ▄ ▄▀█▀▀▀ ▀█▄▀▄▄▀▀██████
+████▄  █▀█▄▄▄██ █▀█▀█▄   █▄▄ ████
+████▀▄  ▀▄▄█ ▄▄█ ▀▄▀▀ ▀▀ █▄▄▀████
+███████▄▄█▄█  ▀▄▀▀█▀ ▄▄▄ ▄ ▄ ████
+████ ▄▄▄▄▄ █  █▄ ██▀ █▄█ █▄  ████
+████ █   █ █▀▄ ▄  ▀▀▄  ▄  ▀▀▀████
+████ █▄▄▄█ █▄█▄▄▄▄█ █  █ █ ▄█████
+████▄▄▄▄▄▄▄█▄█▄█▄█▄████▄▄▄▄▄▄████
+█████████████████████████████████
+▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
+       https://ubuntu.com
+              1341
+
+  1. Wait for authentication result
+  2. Regenerate code
+Or enter 'r' to go back to select the authentication method
+Choose action:
+> 1
+PAM Authenticate()
+  User: "user-integration-native-authenticate-user-with-qr-code-requiring-mfa-auth"
+  Result: success
+PAM AcctMgmt()
+  User: "user-integration-native-authenticate-user-with-qr-code-requiring-mfa-auth"
+  Result: success
+>
+────────────────────────────────────────────────────────────────────────────────
diff --git a/pam/integration-tests/testdata/golden/TestNativeAuthenticate/Deny_authentication_if_MFA_authentication_is_required_with_password b/pam/integration-tests/testdata/golden/TestNativeAuthenticate/Deny_authentication_if_MFA_authentication_is_required_with_password
new file mode 100644
index 0000000000..69c98e4aad
--- /dev/null
+++ b/pam/integration-tests/testdata/golden/TestNativeAuthenticate/Deny_authentication_if_MFA_authentication_is_required_with_password
@@ -0,0 +1,47 @@
+> ./pam_authd login socket=${AUTHD_TEST_TAPE_SOCKET} force_native_client=true require_mfa=true
+== Provider selection ==
+  1. local
+  2. ExampleBroker
+Choose your provider:
+>
+────────────────────────────────────────────────────────────────────────────────
+> ./pam_authd login socket=${AUTHD_TEST_TAPE_SOCKET} force_native_client=true require_mfa=true
+== Provider selection ==
+  1. local
+  2. ExampleBroker
+Choose your provider:
+> 2
+────────────────────────────────────────────────────────────────────────────────
+> ./pam_authd login socket=${AUTHD_TEST_TAPE_SOCKET} force_native_client=true require_mfa=true
+== Provider selection ==
+  1. local
+  2. ExampleBroker
+Choose your provider:
+> 2
+== Password authentication ==
+Enter 'r' to cancel the request and go back to select the authentication method
+Gimme your password:
+>
+────────────────────────────────────────────────────────────────────────────────
+> ./pam_authd login socket=${AUTHD_TEST_TAPE_SOCKET} force_native_client=true require_mfa=true
+== Provider selection ==
+  1. local
+  2. ExampleBroker
+Choose your provider:
+> 2
+== Password authentication ==
+Enter 'r' to cancel the request and go back to select the authentication method
+Gimme your password:
+>
+PAM Error Message: Additional authentication factors are required
+PAM Authenticate()
+  User: "user-integration-native-deny-authentication-if-mfa-authentication-is-required-with-password"
+  Result: error: PAM exit code: 8
+    Insufficient credentials to access authentication data
+acct=incomplete
+PAM AcctMgmt()
+  User: "user-integration-native-deny-authentication-if-mfa-authentication-is-required-with-password"
+  Result: error: PAM exit code: 25
+    The return value should be ignored by PAM dispatch
+>
+────────────────────────────────────────────────────────────────────────────────
diff --git a/pam/integration-tests/testdata/golden/TestNativeAuthenticate/Deny_authentication_if_MFA_authentication_is_required_with_password_reset b/pam/integration-tests/testdata/golden/TestNativeAuthenticate/Deny_authentication_if_MFA_authentication_is_required_with_password_reset
new file mode 100644
index 0000000000..161bc4fd11
--- /dev/null
+++ b/pam/integration-tests/testdata/golden/TestNativeAuthenticate/Deny_authentication_if_MFA_authentication_is_required_with_password_reset
@@ -0,0 +1,88 @@
+> ./pam_authd login socket=${AUTHD_TEST_TAPE_SOCKET} force_native_client=true require_mfa=true
+== Provider selection ==
+  1. local
+  2. ExampleBroker
+Choose your provider:
+>
+────────────────────────────────────────────────────────────────────────────────
+> ./pam_authd login socket=${AUTHD_TEST_TAPE_SOCKET} force_native_client=true require_mfa=true
+== Provider selection ==
+  1. local
+  2. ExampleBroker
+Choose your provider:
+> 2
+────────────────────────────────────────────────────────────────────────────────
+> ./pam_authd login socket=${AUTHD_TEST_TAPE_SOCKET} force_native_client=true require_mfa=true
+== Provider selection ==
+  1. local
+  2. ExampleBroker
+Choose your provider:
+> 2
+== Password authentication ==
+Enter 'r' to cancel the request and go back to select the authentication method
+Gimme your password:
+>
+────────────────────────────────────────────────────────────────────────────────
+> ./pam_authd login socket=${AUTHD_TEST_TAPE_SOCKET} force_native_client=true require_mfa=true
+== Provider selection ==
+  1. local
+  2. ExampleBroker
+Choose your provider:
+> 2
+== Password authentication ==
+Enter 'r' to cancel the request and go back to select the authentication method
+Gimme your password:
+>
+Password reset, 1 step(s) missing
+== Password reset ==
+Enter 'r' to cancel the request and go back to choose the provider
+Enter your new password:
+>
+────────────────────────────────────────────────────────────────────────────────
+> ./pam_authd login socket=${AUTHD_TEST_TAPE_SOCKET} force_native_client=true require_mfa=true
+== Provider selection ==
+  1. local
+  2. ExampleBroker
+Choose your provider:
+> 2
+== Password authentication ==
+Enter 'r' to cancel the request and go back to select the authentication method
+Gimme your password:
+>
+Password reset, 1 step(s) missing
+== Password reset ==
+Enter 'r' to cancel the request and go back to choose the provider
+Enter your new password:
+>
+Confirm Password:
+>
+────────────────────────────────────────────────────────────────────────────────
+> ./pam_authd login socket=${AUTHD_TEST_TAPE_SOCKET} force_native_client=true require_mfa=true
+== Provider selection ==
+  1. local
+  2. ExampleBroker
+Choose your provider:
+> 2
+== Password authentication ==
+Enter 'r' to cancel the request and go back to select the authentication method
+Gimme your password:
+>
+Password reset, 1 step(s) missing
+== Password reset ==
+Enter 'r' to cancel the request and go back to choose the provider
+Enter your new password:
+>
+Confirm Password:
+>
+PAM Error Message: Additional authentication factors are required
+PAM Authenticate()
+  User: "user-needs-reset-integration-mandatory-mfa-required-native"
+  Result: error: PAM exit code: 8
+    Insufficient credentials to access authentication data
+acct=incomplete
+PAM AcctMgmt()
+  User: "user-needs-reset-integration-mandatory-mfa-required-native"
+  Result: error: PAM exit code: 25
+    The return value should be ignored by PAM dispatch
+>
+────────────────────────────────────────────────────────────────────────────────
diff --git a/pam/internal/adapter/authentication.go b/pam/internal/adapter/authentication.go
index a21bf68d5f..64519d23eb 100644
--- a/pam/internal/adapter/authentication.go
+++ b/pam/internal/adapter/authentication.go
@@ -124,6 +124,9 @@ type authenticationModel struct {
 	clientType PamClientType
 	mode       authd.SessionMode
 
+	requireMFA          bool
+	verifiedAuthLayouts []string
+
 	inProgress       bool
 	currentModel     authenticationComponent
 	currentSessionID string
@@ -169,11 +172,12 @@ type newPasswordCheckResult struct {
 }
 
 // newAuthenticationModel initializes a authenticationModel which needs to be Compose then.
-func newAuthenticationModel(client authd.PAMClient, clientType PamClientType, mode authd.SessionMode) authenticationModel {
+func newAuthenticationModel(client authd.PAMClient, clientType PamClientType, mode authd.SessionMode, requireMFA bool) authenticationModel {
 	return authenticationModel{
 		client:      client,
 		clientType:  clientType,
 		mode:        mode,
+		requireMFA:  requireMFA,
 		authTracker: &authTracker{cond: sync.NewCond(&sync.Mutex{})},
 	}
 }
@@ -195,6 +199,9 @@ func (m *authenticationModel) cancelIsAuthenticated() tea.Cmd {
 func (m authenticationModel) Update(msg tea.Msg) (authModel authenticationModel, command tea.Cmd) {
 	switch msg := msg.(type) {
 	case StageChanged:
+		if msg.Stage < pam_proto.Stage_authModeSelection {
+			m.verifiedAuthLayouts = nil
+		}
 		if msg.Stage != pam_proto.Stage_challenge {
 			return m, nil
 		}
@@ -318,7 +325,8 @@ func (m authenticationModel) Update(msg tea.Msg) (authModel authenticationModel,
 		return m, m.cancelIsAuthenticated()
 
 	case isAuthenticatedResultReceived:
-		safeMessageDebug(msg)
+		safeMessageDebug(msg, "current layout %q, verified layouts %#v",
+			m.currentLayout, m.verifiedAuthLayouts)
 
 		// Resets password if the authentication wasn't successful.
 		defer func() {
@@ -346,6 +354,15 @@ func (m authenticationModel) Update(msg tea.Msg) (authModel authenticationModel,
 
 		switch msg.access {
 		case auth.Granted:
+			m.maybeUpdateVerifiedAuthLayouts(m.currentLayout)
+			if m.requireMFA && len(m.verifiedAuthLayouts) < 2 &&
+				!isMultiFactorLayout(m.currentLayout) {
+				return m, sendEvent(pamError{
+					status: pam.ErrCredInsufficient,
+					msg:    "Additional authentication factors are required",
+				})
+			}
+
 			return m, sendEvent(PamSuccess{BrokerID: m.currentBrokerID, msg: authMsg})
 
 		case auth.Retry:
@@ -359,6 +376,8 @@ func (m authenticationModel) Update(msg tea.Msg) (authModel authenticationModel,
 			return m, sendEvent(pamError{status: pam.ErrAuth, msg: authMsg})
 
 		case auth.Next:
+			m.maybeUpdateVerifiedAuthLayouts(m.currentLayout)
+
 			if authMsg != "" {
 				m.errorMsg = authMsg
 
@@ -376,6 +395,8 @@ func (m authenticationModel) Update(msg tea.Msg) (authModel authenticationModel,
 			return m, sendEvent(GetAuthenticationModesRequested{})
 
 		case auth.Cancelled:
+			m.verifiedAuthLayouts = nil
+
 			// nothing to do
 			return m, nil
 		}
@@ -419,6 +440,14 @@ func (m authenticationModel) Focus() tea.Cmd {
 	return m.currentModel.Focus()
 }
 
+func (m *authenticationModel) maybeUpdateVerifiedAuthLayouts(authLayout string) {
+	if authLayout == "" || authLayout == layouts.NewPassword {
+		return
+	}
+
+	m.verifiedAuthLayouts = append(m.verifiedAuthLayouts, authLayout)
+}
+
 // Focused returns if this model is focused.
 func (m authenticationModel) Focused() bool {
 	if m.currentModel == nil {
@@ -438,12 +467,11 @@ func (m *authenticationModel) Blur() {
 
 // Compose initialize the authentication model to be used.
 // It creates and attaches the sub layout models based on UILayout.
-func (m *authenticationModel) Compose(brokerID, sessionID string, encryptionKey *rsa.PublicKey, layout *authd.UILayout) tea.Cmd {
+func (m *authenticationModel) Compose(brokerID, sessionID string, encryptionKey *rsa.PublicKey, authModeID string, layout *authd.UILayout) tea.Cmd {
 	m.currentBrokerID = brokerID
 	m.currentSessionID = sessionID
 	m.encryptionKey = encryptionKey
 	m.currentLayout = layout.Type
-
 	m.errorMsg = ""
 
 	if m.clientType != InteractiveTerminal {
@@ -532,6 +560,15 @@ func dataToMsg(data string) (string, error) {
 	return r, nil
 }
 
+func isMultiFactorLayout(layout string) bool {
+	switch layout {
+	case layouts.QrCode:
+		return true
+	default:
+		return false
+	}
+}
+
 func (authData *isAuthenticatedRequestedSend) encryptSecretIfPresent(publicKey *rsa.PublicKey) (*string, error) {
 	// no password value, pass it as is
 	secret, ok := authData.item.(*authd.IARequest_AuthenticationData_Secret)
diff --git a/pam/internal/adapter/gdmmodel_test.go b/pam/internal/adapter/gdmmodel_test.go
index 7625d73e94..aa3e727e6c 100644
--- a/pam/internal/adapter/gdmmodel_test.go
+++ b/pam/internal/adapter/gdmmodel_test.go
@@ -2479,7 +2479,7 @@ func TestGdmModel(t *testing.T) {
 
 			var exitStatus PamReturnStatus
 			uiModel := newUIModelForClients(pam_test.NewModuleTransactionDummy(gdmHandler),
-				Gdm, tc.sessionMode, tc.client, nil, &exitStatus)
+				Gdm, tc.sessionMode, false, tc.client, nil, &exitStatus)
 
 			appState := gdmTestUIModel{
 				uiModel:             uiModel,
diff --git a/pam/internal/adapter/model.go b/pam/internal/adapter/model.go
index 7a41a582c4..39e25fd707 100644
--- a/pam/internal/adapter/model.go
+++ b/pam/internal/adapter/model.go
@@ -128,19 +128,19 @@ type ChangeStage struct {
 type StageChanged ChangeStage
 
 // NewUIModel creates and initializes the main model orchestrator.
-func NewUIModel(mTx pam.ModuleTransaction, clientType PamClientType, mode authd.SessionMode, conn *grpc.ClientConn, exitStatus *PamReturnStatus) tea.Model {
+func NewUIModel(mTx pam.ModuleTransaction, clientType PamClientType, mode authd.SessionMode, requireMFA bool, conn *grpc.ClientConn, exitStatus *PamReturnStatus) tea.Model {
 	var userServiceClient authd.UserServiceClient
 	if conn != nil && isSSHSession(mTx) {
 		userServiceClient = authd.NewUserServiceClient(conn)
 	}
 
-	m := newUIModelForClients(mTx, clientType, mode, authd.NewPAMClient(conn), userServiceClient, exitStatus)
+	m := newUIModelForClients(mTx, clientType, mode, requireMFA, authd.NewPAMClient(conn), userServiceClient, exitStatus)
 	m.conn = conn
 	return m
 }
 
 // newUIModelForClients is the internal implementation of [NewUIModel] for testing purposes.
-func newUIModelForClients(mTx pam.ModuleTransaction, clientType PamClientType, mode authd.SessionMode, pamClient authd.PAMClient, userServiceClient authd.UserServiceClient, exitStatus *PamReturnStatus) uiModel {
+func newUIModelForClients(mTx pam.ModuleTransaction, clientType PamClientType, mode authd.SessionMode, requireMFA bool, pamClient authd.PAMClient, userServiceClient authd.UserServiceClient, exitStatus *PamReturnStatus) uiModel {
 	m := uiModel{
 		pamMTx:      mTx,
 		clientType:  clientType,
@@ -163,7 +163,7 @@ func newUIModelForClients(mTx pam.ModuleTransaction, clientType PamClientType, m
 	m.userSelectionModel = newUserSelectionModel(m.pamMTx, m.clientType)
 	m.brokerSelectionModel = newBrokerSelectionModel(m.client, m.clientType)
 	m.authModeSelectionModel = newAuthModeSelectionModel(m.clientType)
-	m.authenticationModel = newAuthenticationModel(m.client, m.clientType, mode)
+	m.authenticationModel = newAuthenticationModel(m.client, m.clientType, mode, requireMFA)
 	m.healthCheckCancel = func() {}
 
 	return m
@@ -381,6 +381,7 @@ func (m uiModel) Update(msg tea.Msg) (tea.Model, tea.Cmd) {
 				m.currentSession.brokerID,
 				m.currentSession.sessionID,
 				m.currentSession.encryptionKey,
+				m.authModeSelectionModel.currentAuthModeSelectedID,
 				msg.layout,
 			),
 			m.updateClientModel(msg),
diff --git a/pam/pam.go b/pam/pam.go
index bf9cf85208..94bd0adf89 100644
--- a/pam/pam.go
+++ b/pam/pam.go
@@ -60,6 +60,7 @@ var supportedArgs = []string{
 	"connection_timeout",  // The timeout on connecting to authd socket in milliseconds (defaults to 2 seconds).
 	"force_native_client", // Use native PAM client instead of custom UIs.
 	"force_reauth",        // Whether the authentication should be performed again even if it has been already completed.
+	"require_mfa",         // Require MFA: treat single-step or single-device authentication as insufficient credentials.
 }
 
 // parseArgs parses the PAM arguments and returns a map of them and a function that logs the parsing issues.
@@ -317,8 +318,10 @@ func (h *pamModule) handleAuthRequest(mode authd.SessionMode, mTx pam.ModuleTran
 		return err
 	}
 
+	requireMFA, _ := strconv.ParseBool(parsedArgs["require_mfa"])
+
 	var exitStatus adapter.PamReturnStatus
-	appState := adapter.NewUIModel(mTx, pamClientType, mode, conn, &exitStatus)
+	appState := adapter.NewUIModel(mTx, pamClientType, mode, requireMFA, conn, &exitStatus)
 	teaOpts = append(teaOpts, tea.WithFilter(adapter.MsgFilter))
 	p := tea.NewProgram(appState, teaOpts...)
 	if _, err := p.Run(); err != nil {
diff --git a/tools/go.mod b/tools/go.mod
index 836962ce46..f06072b13d 100644
--- a/tools/go.mod
+++ b/tools/go.mod
@@ -6,7 +6,7 @@ toolchain go1.25.5
 
 require (
 	github.com/golang/protobuf v1.5.4
-	github.com/golangci/golangci-lint/v2 v2.6.2
+	github.com/golangci/golangci-lint/v2 v2.7.2
 	github.com/msteinert/pam/v2 v2.0.0-00010101000000-000000000000
 	google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.6.0
 )
@@ -27,7 +27,7 @@ require (
 	github.com/BurntSushi/toml v1.5.0 // indirect
 	github.com/Djarvur/go-err113 v0.1.1 // indirect
 	github.com/Masterminds/semver/v3 v3.4.0 // indirect
-	github.com/MirrexOne/unqueryvet v1.2.1 // indirect
+	github.com/MirrexOne/unqueryvet v1.3.0 // indirect
 	github.com/OpenPeeDeeP/depguard/v2 v2.2.1 // indirect
 	github.com/alecthomas/chroma/v2 v2.20.0 // indirect
 	github.com/alecthomas/go-check-sumtype v0.3.1 // indirect
@@ -48,7 +48,7 @@ require (
 	github.com/breml/errchkjson v0.4.1 // indirect
 	github.com/butuzov/ireturn v0.4.0 // indirect
 	github.com/butuzov/mirror v1.3.0 // indirect
-	github.com/catenacyber/perfsprint v0.10.0 // indirect
+	github.com/catenacyber/perfsprint v0.10.1 // indirect
 	github.com/ccojocar/zxcvbn-go v1.0.4 // indirect
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
 	github.com/charithe/durationcheck v0.0.11 // indirect
@@ -82,7 +82,7 @@ require (
 	github.com/go-viper/mapstructure/v2 v2.4.0 // indirect
 	github.com/go-xmlfmt/xmlfmt v1.1.3 // indirect
 	github.com/gobwas/glob v0.2.3 // indirect
-	github.com/godoc-lint/godoc-lint v0.10.1 // indirect
+	github.com/godoc-lint/godoc-lint v0.10.2 // indirect
 	github.com/gofrs/flock v0.13.0 // indirect
 	github.com/golangci/asciicheck v0.5.0 // indirect
 	github.com/golangci/dupl v0.0.0-20250308024227-f665c8d69b32 // indirect
@@ -101,7 +101,7 @@ require (
 	github.com/gostaticanalysis/forcetypeassert v0.2.0 // indirect
 	github.com/gostaticanalysis/nilerr v0.1.2 // indirect
 	github.com/hashicorp/go-immutable-radix/v2 v2.1.0 // indirect
-	github.com/hashicorp/go-version v1.7.0 // indirect
+	github.com/hashicorp/go-version v1.8.0 // indirect
 	github.com/hashicorp/golang-lru/v2 v2.0.7 // indirect
 	github.com/hashicorp/hcl v1.0.0 // indirect
 	github.com/hexops/gotextdiff v1.0.3 // indirect
@@ -134,7 +134,7 @@ require (
 	github.com/mattn/go-isatty v0.0.20 // indirect
 	github.com/mattn/go-runewidth v0.0.16 // indirect
 	github.com/matttproud/golang_protobuf_extensions v1.0.1 // indirect
-	github.com/mgechev/revive v1.12.0 // indirect
+	github.com/mgechev/revive v1.13.0 // indirect
 	github.com/mitchellh/go-homedir v1.1.0 // indirect
 	github.com/mitchellh/mapstructure v1.5.0 // indirect
 	github.com/moricho/tparallel v0.3.2 // indirect
@@ -165,26 +165,26 @@ require (
 	github.com/santhosh-tekuri/jsonschema/v6 v6.0.2 // indirect
 	github.com/sashamelentyev/interfacebloat v1.1.0 // indirect
 	github.com/sashamelentyev/usestdlibvars v1.29.0 // indirect
-	github.com/securego/gosec/v2 v2.22.10 // indirect
+	github.com/securego/gosec/v2 v2.22.11-0.20251204091113-daccba6b93d7 // indirect
 	github.com/sirupsen/logrus v1.9.3 // indirect
 	github.com/sivchari/containedctx v1.0.3 // indirect
 	github.com/sonatard/noctx v0.4.0 // indirect
 	github.com/sourcegraph/go-diff v0.7.0 // indirect
-	github.com/spf13/afero v1.14.0 // indirect
+	github.com/spf13/afero v1.15.0 // indirect
 	github.com/spf13/cast v1.5.0 // indirect
-	github.com/spf13/cobra v1.10.1 // indirect
+	github.com/spf13/cobra v1.10.2 // indirect
 	github.com/spf13/jwalterweatherman v1.1.0 // indirect
 	github.com/spf13/pflag v1.0.10 // indirect
 	github.com/spf13/viper v1.12.0 // indirect
 	github.com/ssgreg/nlreturn/v2 v2.2.1 // indirect
-	github.com/stbenjam/no-sprintf-host-port v0.2.0 // indirect
+	github.com/stbenjam/no-sprintf-host-port v0.3.1 // indirect
 	github.com/stretchr/objx v0.5.2 // indirect
 	github.com/stretchr/testify v1.11.1 // indirect
 	github.com/subosito/gotenv v1.4.1 // indirect
 	github.com/tetafro/godot v1.5.4 // indirect
 	github.com/timakin/bodyclose v0.0.0-20241222091800-1db5c5ca4d67 // indirect
 	github.com/timonwong/loggercheck v0.11.0 // indirect
-	github.com/tomarrell/wrapcheck/v2 v2.11.0 // indirect
+	github.com/tomarrell/wrapcheck/v2 v2.12.0 // indirect
 	github.com/tommy-muehle/go-mnd/v2 v2.5.1 // indirect
 	github.com/ultraware/funlen v0.2.0 // indirect
 	github.com/ultraware/whitespace v0.2.0 // indirect
@@ -203,12 +203,13 @@ require (
 	go.uber.org/automaxprocs v1.6.0 // indirect
 	go.uber.org/multierr v1.10.0 // indirect
 	go.uber.org/zap v1.27.0 // indirect
+	go.yaml.in/yaml/v3 v3.0.4 // indirect
 	golang.org/x/exp/typeparams v0.0.0-20251023183803-a4bb9ffd2546 // indirect
-	golang.org/x/mod v0.29.0 // indirect
+	golang.org/x/mod v0.30.0 // indirect
 	golang.org/x/sync v0.18.0 // indirect
-	golang.org/x/sys v0.37.0 // indirect
-	golang.org/x/text v0.30.0 // indirect
-	golang.org/x/tools v0.38.0 // indirect
+	golang.org/x/sys v0.38.0 // indirect
+	golang.org/x/text v0.31.0 // indirect
+	golang.org/x/tools v0.39.0 // indirect
 	google.golang.org/genproto/googleapis/rpc v0.0.0-20250818200422-3122310a409c // indirect
 	google.golang.org/protobuf v1.36.10 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
diff --git a/tools/go.sum b/tools/go.sum
index f12981707f..e01020938f 100644
--- a/tools/go.sum
+++ b/tools/go.sum
@@ -65,8 +65,8 @@ github.com/Djarvur/go-err113 v0.1.1 h1:eHfopDqXRwAi+YmCUas75ZE0+hoBHJ2GQNLYRSxao
 github.com/Djarvur/go-err113 v0.1.1/go.mod h1:IaWJdYFLg76t2ihfflPZnM1LIQszWOsFDh2hhhAVF6k=
 github.com/Masterminds/semver/v3 v3.4.0 h1:Zog+i5UMtVoCU8oKka5P7i9q9HgrJeGzI9SA1Xbatp0=
 github.com/Masterminds/semver/v3 v3.4.0/go.mod h1:4V+yj/TJE1HU9XfppCwVMZq3I84lprf4nC11bSS5beM=
-github.com/MirrexOne/unqueryvet v1.2.1 h1:M+zdXMq84g+E1YOLa7g7ExN3dWfZQrdDSTCM7gC+m/A=
-github.com/MirrexOne/unqueryvet v1.2.1/go.mod h1:IWwCwMQlSWjAIteW0t+28Q5vouyktfujzYznSIWiuOg=
+github.com/MirrexOne/unqueryvet v1.3.0 h1:5slWSomgqpYU4zFuZ3NNOfOUxVPlXFDBPAVasZOGlAY=
+github.com/MirrexOne/unqueryvet v1.3.0/go.mod h1:IWwCwMQlSWjAIteW0t+28Q5vouyktfujzYznSIWiuOg=
 github.com/OpenPeeDeeP/depguard/v2 v2.2.1 h1:vckeWVESWp6Qog7UZSARNqfu/cZqvki8zsuj3piCMx4=
 github.com/OpenPeeDeeP/depguard/v2 v2.2.1/go.mod h1:q4DKzC4UcVaAvcfd41CZh0PWpGgzrVxUYBlgKNGquUo=
 github.com/alecthomas/assert/v2 v2.11.0 h1:2Q9r3ki8+JYXvGsDyBXwH3LcJ+WK5D0gc5E8vS6K3D0=
@@ -118,8 +118,8 @@ github.com/butuzov/ireturn v0.4.0 h1:+s76bF/PfeKEdbG8b54aCocxXmi0wvYdOVsWxVO7n8E
 github.com/butuzov/ireturn v0.4.0/go.mod h1:ghI0FrCmap8pDWZwfPisFD1vEc56VKH4NpQUxDHta70=
 github.com/butuzov/mirror v1.3.0 h1:HdWCXzmwlQHdVhwvsfBb2Au0r3HyINry3bDWLYXiKoc=
 github.com/butuzov/mirror v1.3.0/go.mod h1:AEij0Z8YMALaq4yQj9CPPVYOyJQyiexpQEQgihajRfI=
-github.com/catenacyber/perfsprint v0.10.0 h1:AZj1mYyxbxLRqmnYOeguZXEQwWOgQGm2wzLI5d7Hl/0=
-github.com/catenacyber/perfsprint v0.10.0/go.mod h1:DJTGsi/Zufpuus6XPGJyKOTMELe347o6akPvWG9Zcsc=
+github.com/catenacyber/perfsprint v0.10.1 h1:u7Riei30bk46XsG8nknMhKLXG9BcXz3+3tl/WpKm0PQ=
+github.com/catenacyber/perfsprint v0.10.1/go.mod h1:DJTGsi/Zufpuus6XPGJyKOTMELe347o6akPvWG9Zcsc=
 github.com/ccojocar/zxcvbn-go v1.0.4 h1:FWnCIRMXPj43ukfX000kvBZvV6raSxakYr1nzyNrUcc=
 github.com/ccojocar/zxcvbn-go v1.0.4/go.mod h1:3GxGX+rHmueTUMvm5ium7irpyjmm7ikxYFOSJB21Das=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
@@ -225,8 +225,8 @@ github.com/go-xmlfmt/xmlfmt v1.1.3 h1:t8Ey3Uy7jDSEisW2K3somuMKIpzktkWptA0iFCnRUW
 github.com/go-xmlfmt/xmlfmt v1.1.3/go.mod h1:aUCEOzzezBEjDBbFBoSiya/gduyIiWYRP6CnSFIV8AM=
 github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y=
 github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8=
-github.com/godoc-lint/godoc-lint v0.10.1 h1:ZPUVzlDtJfA+P688JfPJPkI/SuzcBr/753yGIk5bOPA=
-github.com/godoc-lint/godoc-lint v0.10.1/go.mod h1:KleLcHu/CGSvkjUH2RvZyoK1MBC7pDQg4NxMYLcBBsw=
+github.com/godoc-lint/godoc-lint v0.10.2 h1:dksNgK+zebnVlj4Fx83CRnCmPO0qRat/9xfFsir1nfg=
+github.com/godoc-lint/godoc-lint v0.10.2/go.mod h1:KleLcHu/CGSvkjUH2RvZyoK1MBC7pDQg4NxMYLcBBsw=
 github.com/gofrs/flock v0.13.0 h1:95JolYOvGMqeH31+FC7D2+uULf6mG61mEZ/A8dRYMzw=
 github.com/gofrs/flock v0.13.0/go.mod h1:jxeyy9R1auM5S6JYDBhDt+E2TCo7DkratH4Pgi8P+Z0=
 github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
@@ -267,8 +267,8 @@ github.com/golangci/go-printf-func-name v0.1.1 h1:hIYTFJqAGp1iwoIfsNTpoq1xZAarog
 github.com/golangci/go-printf-func-name v0.1.1/go.mod h1:Es64MpWEZbh0UBtTAICOZiB+miW53w/K9Or/4QogJss=
 github.com/golangci/gofmt v0.0.0-20250106114630-d62b90e6713d h1:viFft9sS/dxoYY0aiOTsLKO2aZQAPT4nlQCsimGcSGE=
 github.com/golangci/gofmt v0.0.0-20250106114630-d62b90e6713d/go.mod h1:ivJ9QDg0XucIkmwhzCDsqcnxxlDStoTl89jDMIoNxKY=
-github.com/golangci/golangci-lint/v2 v2.6.2 h1:jkMSVv36JmyTENcEertckvimvjPcD5qxNM7W7qhECvI=
-github.com/golangci/golangci-lint/v2 v2.6.2/go.mod h1:fSIMDiBt9kzdpnvvV7GO6iWzyv5uaeZ+iPor+2uRczE=
+github.com/golangci/golangci-lint/v2 v2.7.2 h1:AhBC+YeEueec4AGlIbvPym5C70Thx0JykIqXbdIXWx0=
+github.com/golangci/golangci-lint/v2 v2.7.2/go.mod h1:pDijleoBu7e8sejMqyZ3L5n6geqe+cVvOAz2QImqqVc=
 github.com/golangci/golines v0.0.0-20250217134842-442fd0091d95 h1:AkK+w9FZBXlU/xUmBtSJN1+tAI4FIvy5WtnUnY8e4p8=
 github.com/golangci/golines v0.0.0-20250217134842-442fd0091d95/go.mod h1:k9mmcyWKSTMcPPvQUCfRWWQ9VHJ1U9Dc0R7kaXAgtnQ=
 github.com/golangci/misspell v0.7.0 h1:4GOHr/T1lTW0hhR4tgaaV1WS/lJ+ncvYCoFKmqJsj0c=
@@ -330,8 +330,8 @@ github.com/hashicorp/go-immutable-radix/v2 v2.1.0/go.mod h1:hgdqLXA4f6NIjRVisM1T
 github.com/hashicorp/go-uuid v1.0.3 h1:2gKiV6YVmrJ1i2CKKa9obLvRieoRGviZFL26PcT/Co8=
 github.com/hashicorp/go-uuid v1.0.3/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
 github.com/hashicorp/go-version v1.2.1/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
-github.com/hashicorp/go-version v1.7.0 h1:5tqGy27NaOTB8yJKUZELlFAS/LTKJkrmONwQKeRZfjY=
-github.com/hashicorp/go-version v1.7.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
+github.com/hashicorp/go-version v1.8.0 h1:KAkNb1HAiZd1ukkxDFGmokVZe1Xy9HG6NUp+bPle2i4=
+github.com/hashicorp/go-version v1.8.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
 github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
 github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
 github.com/hashicorp/golang-lru/v2 v2.0.7 h1:a+bsQ5rvGLjzHuww6tVxozPZFVghXaHOwFs4luLUK2k=
@@ -421,8 +421,8 @@ github.com/mattn/go-runewidth v0.0.16 h1:E5ScNMtiwvlvB5paMFdw9p4kSQzbXFikJ5SQO6T
 github.com/mattn/go-runewidth v0.0.16/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
 github.com/matttproud/golang_protobuf_extensions v1.0.1 h1:4hp9jkHxhMHkqkrB3Ix0jegS5sx/RkqARlsWZ6pIwiU=
 github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
-github.com/mgechev/revive v1.12.0 h1:Q+/kkbbwerrVYPv9d9efaPGmAO/NsxwW/nE6ahpQaCU=
-github.com/mgechev/revive v1.12.0/go.mod h1:VXsY2LsTigk8XU9BpZauVLjVrhICMOV3k1lpB3CXrp8=
+github.com/mgechev/revive v1.13.0 h1:yFbEVliCVKRXY8UgwEO7EOYNopvjb1BFbmYqm9hZjBM=
+github.com/mgechev/revive v1.13.0/go.mod h1:efJfeBVCX2JUumNQ7dtOLDja+QKj9mYGgEZA7rt5u+0=
 github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y=
 github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
 github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY=
@@ -446,8 +446,8 @@ github.com/nishanths/predeclared v0.2.2 h1:V2EPdZPliZymNAn79T8RkNApBjMmVKh5XRpLm
 github.com/nishanths/predeclared v0.2.2/go.mod h1:RROzoN6TnGQupbC+lqggsOlcgysk3LMK/HI84Mp280c=
 github.com/nunnatsa/ginkgolinter v0.21.2 h1:khzWfm2/Br8ZemX8QM1pl72LwM+rMeW6VUbQ4rzh0Po=
 github.com/nunnatsa/ginkgolinter v0.21.2/go.mod h1:GItSI5fw7mCGLPmkvGYrr1kEetZe7B593jcyOpyabsY=
-github.com/onsi/ginkgo/v2 v2.26.0 h1:1J4Wut1IlYZNEAWIV3ALrT9NfiaGW2cDCJQSFQMs/gE=
-github.com/onsi/ginkgo/v2 v2.26.0/go.mod h1:qhEywmzWTBUY88kfO0BRvX4py7scov9yR+Az2oavUzw=
+github.com/onsi/ginkgo/v2 v2.27.2 h1:LzwLj0b89qtIy6SSASkzlNvX6WktqurSHwkk2ipF/Ns=
+github.com/onsi/ginkgo/v2 v2.27.2/go.mod h1:ArE1D/XhNXBXCBkKOLkbsb2c81dQHCRcF5zwn/ykDRo=
 github.com/onsi/gomega v1.38.2 h1:eZCjf2xjZAqe+LeWvKb5weQ+NcPwX84kqJ0cZNxok2A=
 github.com/onsi/gomega v1.38.2/go.mod h1:W2MJcYxRGV63b418Ai34Ud0hEdTVXq9NW9+Sx6uXf3k=
 github.com/otiai10/copy v1.2.0/go.mod h1:rrF5dJ5F0t/EWSYODDu4j9/vEeYHMkc8jt0zJChqQWw=
@@ -523,8 +523,8 @@ github.com/sashamelentyev/interfacebloat v1.1.0 h1:xdRdJp0irL086OyW1H/RTZTr1h/tM
 github.com/sashamelentyev/interfacebloat v1.1.0/go.mod h1:+Y9yU5YdTkrNvoX0xHc84dxiN1iBi9+G8zZIhPVoNjQ=
 github.com/sashamelentyev/usestdlibvars v1.29.0 h1:8J0MoRrw4/NAXtjQqTHrbW9NN+3iMf7Knkq057v4XOQ=
 github.com/sashamelentyev/usestdlibvars v1.29.0/go.mod h1:8PpnjHMk5VdeWlVb4wCdrB8PNbLqZ3wBZTZWkrpZZL8=
-github.com/securego/gosec/v2 v2.22.10 h1:ntbBqdWXnu46DUOXn+R2SvPo3PiJCDugTCgTW2g4tQg=
-github.com/securego/gosec/v2 v2.22.10/go.mod h1:9UNjK3tLpv/w2b0+7r82byV43wCJDNtEDQMeS+H/g2w=
+github.com/securego/gosec/v2 v2.22.11-0.20251204091113-daccba6b93d7 h1:rZg6IGn0ySYZwCX8LHwZoYm03JhG/cVAJJ3O+u3Vclo=
+github.com/securego/gosec/v2 v2.22.11-0.20251204091113-daccba6b93d7/go.mod h1:9sr22NZO5Kfh7unW/xZxkGYTmj2484/fCiE54gw7UTY=
 github.com/sergi/go-diff v1.2.0 h1:XU+rvMAioB0UC3q1MFrIQy4Vo5/4VsRDQQXHsEya6xQ=
 github.com/sergi/go-diff v1.2.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM=
 github.com/shurcooL/go v0.0.0-20180423040247-9e1955d9fb6e/go.mod h1:TDJrrUr11Vxrven61rcy3hJMUqaf/CLWYhHNPmT14Lk=
@@ -540,12 +540,12 @@ github.com/sonatard/noctx v0.4.0 h1:7MC/5Gg4SQ4lhLYR6mvOP6mQVSxCrdyiExo7atBs27o=
 github.com/sonatard/noctx v0.4.0/go.mod h1:64XdbzFb18XL4LporKXp8poqZtPKbCrqQ402CV+kJas=
 github.com/sourcegraph/go-diff v0.7.0 h1:9uLlrd5T46OXs5qpp8L/MTltk0zikUGi0sNNyCpA8G0=
 github.com/sourcegraph/go-diff v0.7.0/go.mod h1:iBszgVvyxdc8SFZ7gm69go2KDdt3ag071iBaWPF6cjs=
-github.com/spf13/afero v1.14.0 h1:9tH6MapGnn/j0eb0yIXiLjERO8RB6xIVZRDCX7PtqWA=
-github.com/spf13/afero v1.14.0/go.mod h1:acJQ8t0ohCGuMN3O+Pv0V0hgMxNYDlvdk+VTfyZmbYo=
+github.com/spf13/afero v1.15.0 h1:b/YBCLWAJdFWJTN9cLhiXXcD7mzKn9Dm86dNnfyQw1I=
+github.com/spf13/afero v1.15.0/go.mod h1:NC2ByUVxtQs4b3sIUphxK0NioZnmxgyCrfzeuq8lxMg=
 github.com/spf13/cast v1.5.0 h1:rj3WzYc11XZaIZMPKmwP96zkFEnnAmV8s6XbB2aY32w=
 github.com/spf13/cast v1.5.0/go.mod h1:SpXXQ5YoyJw6s3/6cMTQuxvgRl3PCJiyaX9p6b155UU=
-github.com/spf13/cobra v1.10.1 h1:lJeBwCfmrnXthfAupyUTzJ/J4Nc1RsHC/mSRU2dll/s=
-github.com/spf13/cobra v1.10.1/go.mod h1:7SmJGaTHFVBY0jW4NXGluQoLvhqFQM+6XSKD+P4XaB0=
+github.com/spf13/cobra v1.10.2 h1:DMTTonx5m65Ic0GOoRY2c16WCbHxOOw6xxezuLaBpcU=
+github.com/spf13/cobra v1.10.2/go.mod h1:7C1pvHqHw5A4vrJfjNwvOdzYu0Gml16OCs2GRiTUUS4=
 github.com/spf13/jwalterweatherman v1.1.0 h1:ue6voC5bR5F8YxI5S67j9i582FU4Qvo2bmqnqMYADFk=
 github.com/spf13/jwalterweatherman v1.1.0/go.mod h1:aNWZUN0dPAAO/Ljvb5BEdw96iTZ0EXowPYD95IqWIGo=
 github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
@@ -556,8 +556,8 @@ github.com/spf13/viper v1.12.0 h1:CZ7eSOd3kZoaYDLbXnmzgQI5RlciuXBMA+18HwHRfZQ=
 github.com/spf13/viper v1.12.0/go.mod h1:b6COn30jlNxbm/V2IqWiNWkJ+vZNiMNksliPCiuKtSI=
 github.com/ssgreg/nlreturn/v2 v2.2.1 h1:X4XDI7jstt3ySqGU86YGAURbxw3oTDPK9sPEi6YEwQ0=
 github.com/ssgreg/nlreturn/v2 v2.2.1/go.mod h1:E/iiPB78hV7Szg2YfRgyIrk1AD6JVMTRkkxBiELzh2I=
-github.com/stbenjam/no-sprintf-host-port v0.2.0 h1:i8pxvGrt1+4G0czLr/WnmyH7zbZ8Bg8etvARQ1rpyl4=
-github.com/stbenjam/no-sprintf-host-port v0.2.0/go.mod h1:eL0bQ9PasS0hsyTyfTjjG+E80QIyPnBVQbYZyv20Jfk=
+github.com/stbenjam/no-sprintf-host-port v0.3.1 h1:AyX7+dxI4IdLBPtDbsGAyqiTSLpCP9hWRrXQDU4Cm/g=
+github.com/stbenjam/no-sprintf-host-port v0.3.1/go.mod h1:ODbZesTCHMVKthBHskvUUexdcNHAQRXk9NpSsL8p/HQ=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.5.2 h1:xuMeJ0Sdp5ZMRXx/aWO6RZxdr3beISkG5/G/aIRr3pY=
@@ -580,8 +580,8 @@ github.com/timakin/bodyclose v0.0.0-20241222091800-1db5c5ca4d67 h1:9LPGD+jzxMlnk
 github.com/timakin/bodyclose v0.0.0-20241222091800-1db5c5ca4d67/go.mod h1:mkjARE7Yr8qU23YcGMSALbIxTQ9r9QBVahQOBRfU460=
 github.com/timonwong/loggercheck v0.11.0 h1:jdaMpYBl+Uq9mWPXv1r8jc5fC3gyXx4/WGwTnnNKn4M=
 github.com/timonwong/loggercheck v0.11.0/go.mod h1:HEAWU8djynujaAVX7QI65Myb8qgfcZ1uKbdpg3ZzKl8=
-github.com/tomarrell/wrapcheck/v2 v2.11.0 h1:BJSt36snX9+4WTIXeJ7nvHBQBcm1h2SjQMSlmQ6aFSU=
-github.com/tomarrell/wrapcheck/v2 v2.11.0/go.mod h1:wFL9pDWDAbXhhPZZt+nG8Fu+h29TtnZ2MW6Lx4BRXIU=
+github.com/tomarrell/wrapcheck/v2 v2.12.0 h1:H/qQ1aNWz/eeIhxKAFvkfIA+N7YDvq6TWVFL27Of9is=
+github.com/tomarrell/wrapcheck/v2 v2.12.0/go.mod h1:AQhQuZd0p7b6rfW+vUwHm5OMCGgp63moQ9Qr/0BpIWo=
 github.com/tommy-muehle/go-mnd/v2 v2.5.1 h1:NowYhSdyE/1zwK9QCLeRb6USWdoif80Ie+v+yU8u1Zw=
 github.com/tommy-muehle/go-mnd/v2 v2.5.1/go.mod h1:WsUAkMJMYww6l/ufffCD3m+P7LEvr8TnZn9lwVDlgzw=
 github.com/ultraware/funlen v0.2.0 h1:gCHmCn+d2/1SemTdYMiKLAHFYxTYz7z9VIDRaTGyLkI=
@@ -688,8 +688,8 @@ golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91
 golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/mod v0.13.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
-golang.org/x/mod v0.29.0 h1:HV8lRxZC4l2cr3Zq1LvtOsi/ThTgWnUk/y64QSs8GwA=
-golang.org/x/mod v0.29.0/go.mod h1:NyhrlYXJ2H4eJiRy/WDBO6HMqZQ6q9nk4JzS3NuCK+w=
+golang.org/x/mod v0.30.0 h1:fDEXFVZ/fmCKProc/yAXXUijritrDzahmwwefnjoPFk=
+golang.org/x/mod v0.30.0/go.mod h1:lAsf5O2EvJeSFMiBxXDki7sCgAxEUcZHXoXMKT4GJKc=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -728,8 +728,8 @@ golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
 golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk=
 golang.org/x/net v0.16.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE=
-golang.org/x/net v0.46.0 h1:giFlY12I07fugqwPuWJi68oOnpfqFnJIJzaIIm2JVV4=
-golang.org/x/net v0.46.0/go.mod h1:Q9BGdFy1y4nkUwiLvT5qtyhAnEHgnQ/zd8PfU6nc210=
+golang.org/x/net v0.47.0 h1:Mx+4dIFzqraBXUugkia1OOvlD6LemFo1ALMHjrXDOhY=
+golang.org/x/net v0.47.0/go.mod h1:/jNxtkgq5yWUGYkaZGqo27cfGZ1c5Nen03aYrrKpVRU=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -804,8 +804,8 @@ golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.37.0 h1:fdNQudmxPjkdUTPnLn5mdQv7Zwvbvpaxqs831goi9kQ=
-golang.org/x/sys v0.37.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
+golang.org/x/sys v0.38.0 h1:3yZWxaJjBmCWXqhN1qh02AkOnCQ1poK6oF+a7xWL6Gc=
+golang.org/x/sys v0.38.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
@@ -822,8 +822,8 @@ golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
 golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
-golang.org/x/text v0.30.0 h1:yznKA/E9zq54KzlzBEAWn1NXSQ8DIp/NYMy88xJjl4k=
-golang.org/x/text v0.30.0/go.mod h1:yDdHFIX9t+tORqspjENWgzaCVXgk0yYnYuSZ8UzzBVM=
+golang.org/x/text v0.31.0 h1:aC8ghyu4JhP8VojJ2lEHBnochRno1sgL6nEi9WGFGMM=
+golang.org/x/text v0.31.0/go.mod h1:tKRAlv61yKIjGGHX/4tP1LTbc13YSec1pxVEWXzfoeM=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
@@ -877,8 +877,8 @@ golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc
 golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
 golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58=
 golang.org/x/tools v0.14.0/go.mod h1:uYBEerGOWcJyEORxN+Ek8+TT266gXkNlHdJBwexUsBg=
-golang.org/x/tools v0.38.0 h1:Hx2Xv8hISq8Lm16jvBZ2VQf+RLmbd7wVUsALibYI/IQ=
-golang.org/x/tools v0.38.0/go.mod h1:yEsQ/d/YK8cjh0L6rZlY8tgtlKiBNTL14pGDJPJpYQs=
+golang.org/x/tools v0.39.0 h1:ik4ho21kwuQln40uelmciQPp9SipgNDdrafrYA4TmQQ=
+golang.org/x/tools v0.39.0/go.mod h1:JnefbkDPyD8UU2kI5fuf8ZX4/yUeh9W877ZeBONxUqQ=
 golang.org/x/tools/go/expect v0.1.1-deprecated h1:jpBZDwmgPhXsKZC6WhL20P4b/wmnpsEAGHaNy0n/rJM=
 golang.org/x/tools/go/expect v0.1.1-deprecated/go.mod h1:eihoPOH+FgIqa3FpoTwguz/bVUSGBlGQU67vpBeOrBY=
 golang.org/x/tools/go/packages/packagestest v0.1.1-deprecated h1:1h2MnaIAIXISqTFKdENegdpAgUXz6NrPEsbIeWaBRvM=