Commit 0a1ba43

makes changes to mfa docs
1 parent 840feb1 commit 0a1ba43

2 files changed: +10 -2 lines changed

v2/mfa/email-sms-otp/otp-for-all-users.mdx

Lines changed: 6 additions & 2 deletions
@@ -388,7 +388,7 @@ We can know which case it is by checking if the `emails` object returned from [M
388388
#### Case 1 implementation: User needs to enter their email
389389
In this case, we need to create a form wherein the user can enter their email. Once they submit the form, we need to call the [createCode API](/docs/passwordless/custom-ui/login-otp).
390390

391-
After this API call, you can show the user the enter OTP screen, and call the [consumeCode API](/docs/passwordless/custom-ui/login-otp#step-3-verifying-the-input-otp).
391+
After this API call, you can show the user the enter OTP screen, and call the [consumeCode API](/docs/passwordless/custom-ui/login-otp#step-3-verifying-the-input-otp). If the API call returns a `RESTART_FLOW_ERROR`, you can handle this by asking the user to enter their email once again and then call the `createCode` function.
392392

393393
#### Case 2 implementation: User needs to complete the OTP challenge
394394

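Review bot: In the added line 391, "If the API call returns a `RESTART_FLOW_ERROR`" does not say which call is meant. The sentence opens with "After this API call" (createCode) and then mentions consumeCode, so "the API call" can be read either way. If consumeCode is the one meant, name it, for example "If the consumeCode call returns a `RESTART_FLOW_ERROR`, ...". The same paragraph also refers to the "createCode API" (linked) and the "`createCode` function" (unlinked); pick one term and link it consistently.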
@@ -398,12 +398,16 @@ This case is when the user already has an email associated with their account an
398398

399399
You can even show a UI here asking the user to pick an email from the array if you like. Either way, when you have an email, you can all the [createCode API](/docs/passwordless/custom-ui/login-otp) to send the code to that email.
400400

401-
After this API call, you can show the user the enter OTP screen, and call the [consumeCode API](/docs/passwordless/custom-ui/login-otp#step-3-verifying-the-input-otp).
401+
After this API call, you can show the user the enter OTP screen, and call the [consumeCode API](/docs/passwordless/custom-ui/login-otp#step-3-verifying-the-input-otp). If the API call returns a `RESTART_FLOW_ERROR`, you can handle this by calling the `createCode` function once again in the background.
402402

403403
:::note
404404
Notice that in Case 2, there is no UI for the user to enter an email. That happens silently. The user only sees the enter OTP screen.
405405
:::
406406

407+
We recommend that you add a sign out button when showing the second factor (case 1 or case 2) so that users can use this to escape out of the flow in case they are unable to complete the second factor. When the sign out button is clicked, you want to:
408+
- Call the `await clearLoginAttemptInfo()` function (if on web) to clear the state that's set in th browser storage when calling the `createCode` function.
409+
- Call the sign out function / API to clear the tokens.
410+
407411
On successful verification of the code, the `otp-email` factor is marked as completed and the `v` value is updated in the session based on if there are any more factors that the user needs to complete. The next step would be to check this `v` value in the MFA claim and redirect the user to the application page, or get information about the next factor using the [MFA info endpoint](../frontend-setup#mfa-info-endpoint).
408412

409413
</CustomUIContent>
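Review bot: The added sentence on line 401 tells the reader to call `createCode` "once again in the background" on `RESTART_FLOW_ERROR`, but the note at 403-405 says Case 2 shows only the enter OTP screen, so as written the user is never told that a new code was sent. Suggest adding that the UI should tell the user a fresh code has gone to their email, and saying whether the silent re-send should be limited if the error keeps recurring. In the added lines 407-409, "th browser storage" should be "the browser storage", and "Call the `await clearLoginAttemptInfo()` function" reads better as "Call the `clearLoginAttemptInfo` function". The bullet also says "(if on web)" without saying what mobile clients should clear instead. The context line 399 has "you can all the" for "you can call the", which could be fixed in the same commit.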

v2/mfa/email-sms-otp/otp-for-opt-in-users.mdx

Lines changed: 4 additions & 0 deletions
@@ -22,6 +22,10 @@ import FrontendMobileSubTabs from "/src/components/tabs/FrontendMobileSubTabs"
2222

2323
# OTP for specific users
2424

25+
:::important
26+
Before reading the below, please first go through the setup for [OTP for all users](./otp-for-all-users) to understand the basics of how MFA with OTP works, and then come back here.
27+
:::
28+
2529
In this page, we will show you how to implement an MFA policy that requires certain users to do the OTP challenge via email or sms. You can decide which those users are based on any criteria. For example:
2630
- Only users that have an `admin` role require to do OTP; OR
2731
- Only users that have enabled OTP on their account require to do OTP; OR
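Review bot: The wording of the added `:::important` block at lines 25-27 is awkward: "Before reading the below, please first go through ... and then come back here" can be shortened to something like "This page builds on [OTP for all users](./otp-for-all-users). Read that first." It would also help to say which parts of that page are assumed here (for example the Case 1 / Case 2 handling and the `RESTART_FLOW_ERROR` guidance added in this same commit), since the admonition currently points at the whole page.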
