web/flow: reset stale authenticator selection between consecutive validate stages

[Oluwatobi-Mustapha]

Fixes #14941

When the authenticator-validate stage component is reused across consecutive MFA stages, the previous selected challenge can persist into the next stage even if that challenge is no longer allowed.

This change resets the selected challenge when challenge updates and the previous selection is not present in the new deviceChallenges set, then re-runs the existing auto-selection initialization path for the new challenge.

Also adds unit coverage for stale-selection reset behavior.

[netlify]

✅ Deploy Preview for authentik-integrations ready!

Name	Link
🔨 Latest commit	3975722
🔍 Latest deploy log	https://app.netlify.com/projects/authentik-integrations/deploys/69bc03e0e9491f000876ee0f
😎 Deploy Preview	https://deploy-preview-20802--authentik-integrations.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[netlify]

✅ Deploy Preview for authentik-storybook ready!

Name	Link
🔨 Latest commit	3975722
🔍 Latest deploy log	https://app.netlify.com/projects/authentik-storybook/deploys/69bc03e08141300007d0ccbe
😎 Deploy Preview	https://deploy-preview-20802--authentik-storybook.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[netlify]

✅ Deploy Preview for authentik-docs ready!

Name	Link
🔨 Latest commit	87c4a8a
🔍 Latest deploy log	https://app.netlify.com/projects/authentik-docs/deploys/69aea818142cf20008f94a2b
😎 Deploy Preview	https://deploy-preview-20802--authentik-docs.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[netlify]

✅ Deploy Preview for authentik-docs ready!

Name	Link
🔨 Latest commit	3975722
🔍 Latest deploy log	https://app.netlify.com/projects/authentik-docs/deploys/69bc03e03001f80007d69c33
😎 Deploy Preview	https://deploy-preview-20802--authentik-docs.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 93.44%. Comparing base (25d3d57) to head (3975722).
⚠️ Report is 3 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main   #20802      +/-   ##
==========================================
- Coverage   93.49%   93.44%   -0.05%     
==========================================
  Files         993      993              
  Lines       56146    56146              
==========================================
- Hits        52491    52468      -23     
- Misses       3655     3678      +23     

Flag	Coverage Δ
conformance	37.33% <ø> (-0.06%)	⬇️
e2e	42.89% <ø> (+<0.01%)	⬆️
integration	22.16% <ø> (-0.05%)	⬇️
unit	91.69% <ø> (+<0.01%)	⬆️
unit-migrate	91.79% <ø> (+<0.01%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[GirlBossRush]

@Oluwatobi-Mustapha Thank you sending such a detailed PR! 🥂

The changes here look great and align with an ongoing effort to make the flow stages easier to test and reason about. I can merge this now and the changes should appear in the next release, as well as our next patch release of 2026.2

[authentik-automation]

⚠️ Cherry-pick to version-2026.2 has conflicts: #21014