Feature: In universal login, user should be able to cancel the OTP challenge
Description: At present when a user successfully enters their username and password and are then taken to the (T)OTP view, there is no way to cancel the request. There is no cancel or back button and even if the user re-enters the application login page, they are redirect straight to the OTP challenge page.
Use-case: There can be arguments that normal users would rarely need to go back to the login form, but I believe it is standard that a user may cancel a login flow, or at the very least restart it by going back to the application login page. This is also helpful when developers are developing and testing login flows.