Begin TOTP MFA enrollment

POST 
/auth/login/mfa/setup/start

Calls Cognito AssociateSoftwareToken and returns a TOTP secret + ready-to-render otpauth:// URL the SPA can encode as a QR code.

Request

Responses

200

TOTP secret + otpauth URL.

400

Missing fields, unknown tenant, or Cognito error.