why the queries of FetchSecAuthOTPTask is executed while GetOTPTask call

Document ID : KB000102680
Last Modified Date : 19/06/2018
Show Technical Document Details
Introduction:
FetchSecAuthOTPTask vs GetOTPTask
Question:
Why the queries of FetchSecAuthOTPTask is executed while GetOTPTask being called? 
Environment:
Applicable for all the envs
Answer:
Usually in secondary authentication flow where OTP authentication is required, first FetchSecAuthOTPTask is invoked to check mainly the status of OTP credential (whether it is locked, deleted or disabled) for the  user. Hence you are finding the queries of FetchSecAuthOTPTask.
In case credential status it ok or not found, then GetOTPTask is invoked to create a new OTP that is sent to user by e-mail or SMS.
 
FetchSecAuthOTPTask
This class Fetches the OTP credential during different secondary authentication flows like if computer is public device from Risk point of view and OTP has to be sent by e-mail or SMS. Similarly,  when ArcotID has to be downloaded on public device, then OTP credentials are fetched during this call to sent it via e-mail or SMS. The main purpose of this class is to fetch OTP credentials and check whether it is locked, disabled or deleted. Otherwise, GetOTPTask is invoked to create an OTP.
 
GetOTPTask
Creates OTP credential for user mainly during enrollment flow. This call is also invoked in above mentioned scenarios when OTP is not locked or disabled or deleted, in order to create a new OTP.
 
Additional Information:
https://communities.ca.com/message/242121552