At last wrt. login and register for doing the "first" auth which is then stored in the authenticator, e.g. a username/password login).
These are all relatively common business requirements.
The web already has a perfectly good solution for arbitrary forms, and has had it for decades. Just use that.