2FA Authenticator App enabling before user confirms setup.

[jdrames]

If a user is already using a 2FA method such as Email or Phone and is provided the option to change to an Authenticator App it is enabling the Authenticator MFA provider before the user submits a token to confirm the app is setup. When using the example from the Microsoft Documentation. Is there any way to prevent this? Or is the best practice to have the user disable their current 2FA?

Example code from Microsofts Documentation Page that is used to get the authenticator key data to generate a QR Code

var unformattedKey = await _userManager.GetAuthenticatorKeyAsync(user);
if (string.IsNullOrEmpty(unformattedKey))
{
	await _userManager.ResetAuthenticatorKeyAsync(user);
	unformattedKey = await _userManager.GetAuthenticatorKeyAsync(user);
}

Should I do something like this:

// remove 2FA first
await _userManager.SetTwoFactorEnabledAsync(user, false);
var unformattedKey = await _userManager.GetAuthenticatorKeyAsync(user);
if (string.IsNullOrEmpty(unformattedKey))
{
	await _userManager.ResetAuthenticatorKeyAsync(user);
	unformattedKey = await _userManager.GetAuthenticatorKeyAsync(user);
}

I'm hesitant to do this. If a user accidentally clicks on the option for enabling the Authenticator App and then navigates away from the page before completing the setup in their app/confirming a token they would think they haven't made any changes to their account when in fact they now have no 2FA setup on their account at all then.