diff --git a/apps/login/app/api/otp/verify/route.ts b/apps/login/app/api/otp/verify/route.ts
deleted file mode 100644
index 38be7023ad2..00000000000
--- a/apps/login/app/api/otp/verify/route.ts
+++ /dev/null
@@ -1,70 +0,0 @@
-import {
- SessionCookie,
- getMostRecentSessionCookie,
- getSessionCookieById,
- getSessionCookieByLoginName,
-} from "#/utils/cookies";
-import { setSessionAndUpdateCookie } from "#/utils/session";
-import { Checks } from "@zitadel/server";
-import { NextRequest, NextResponse, userAgent } from "next/server";
-
-export async function POST(request: NextRequest) {
- const body = await request.json();
-
- if (body) {
- const { loginName, sessionId, organization, authRequestId, code, method } =
- body;
-
- const recentPromise: Promise = sessionId
- ? getSessionCookieById(sessionId).catch((error) => {
- return Promise.reject(error);
- })
- : loginName
- ? getSessionCookieByLoginName(loginName, organization).catch((error) => {
- return Promise.reject(error);
- })
- : getMostRecentSessionCookie().catch((error) => {
- return Promise.reject(error);
- });
-
- return recentPromise
- .then((recent) => {
- const checks: Checks = {};
-
- if (method === "time-based") {
- checks.totp = {
- code,
- };
- } else if (method === "sms") {
- checks.otpSms = {
- code,
- };
- } else if (method === "email") {
- checks.otpEmail = {
- code,
- };
- }
-
- return setSessionAndUpdateCookie(
- recent,
- checks,
- undefined,
- authRequestId
- ).then((session) => {
- return NextResponse.json({
- sessionId: session.id,
- factors: session.factors,
- challenges: session.challenges,
- });
- });
- })
- .catch((error) => {
- return NextResponse.json({ details: error }, { status: 500 });
- });
- } else {
- return NextResponse.json(
- { details: "Request body is missing" },
- { status: 400 }
- );
- }
-}
diff --git a/apps/login/app/api/session/route.ts b/apps/login/app/api/session/route.ts
index 0b808f28727..d1d5114fe25 100644
--- a/apps/login/app/api/session/route.ts
+++ b/apps/login/app/api/session/route.ts
@@ -105,7 +105,7 @@ export async function PUT(request: NextRequest) {
 ).then(async (session) => {
 // if password, check if user has MFA methods
 let authFactors;
- if (checks.password && session.factors?.user?.id) {
+ if (checks && checks.password && session.factors?.user?.id) {
 const response = await listHumanAuthFactors(
 server,
 session.factors?.user?.id
@@ -123,6 +123,7 @@ export async function PUT(request: NextRequest) {
 });
 })
 .catch((error) => {
+ console.error(error);
 return NextResponse.json({ details: error }, { status: 500 });
 });
 } else {
diff --git a/apps/login/ui/LoginOTP.tsx b/apps/login/ui/LoginOTP.tsx
index 3264f8e0409..68f0451b04f 100644
--- a/apps/login/ui/LoginOTP.tsx
+++ b/apps/login/ui/LoginOTP.tsx
@@ -9,6 +9,7 @@ import { Spinner } from "./Spinner";
 import { Checks } from "@zitadel/server";
 import { useForm } from "react-hook-form";
 import { TextInput } from "./Input";
+import { Challenges } from "@zitadel/server";
 
 // either loginName or sessionId must be provided
 type Props = {
@@ -16,7 +17,7 @@ type Props = {
 sessionId?: string;
 authRequestId?: string;
 organization?: string;
- method?: string;
+ method: string;
 code?: string;
 };
 
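Review bot: The added guard spells the null-check out by hand while the same line already uses optional chaining for `session.factors?.user?.id`; the shorter form has the same semantics: `if (checks?.password && session.factors?.user?.id) {`. PUT's body starts and ends outside the hunk, so whether `checks` is typed as optional is not visible here — if it is, `checks?.password` is also the form the checker expects.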
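Review bot: The new `console.error(error)` records the raw error server-side, but the line below still serializes that same object into the 500 response as `details`, so whatever the upstream call reported (message, code, any nested metadata) is handed to the browser. Now that the log captures it, the response can carry a generic message instead, e.g. `return NextResponse.json({ details: "session update failed" }, { status: 500 });`, and the log line can carry the context. The deleted otp/verify route used the identical `.catch`, so this is presumably a shared pattern across these handlers rather than a one-off. PUT's body continues outside the hunk.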
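Review bot: `Challenges` is imported from "@zitadel/server" on a new line although `Checks` is already imported from that module three lines above; the two belong in one specifier list, `import { Checks, Challenges } from "@zitadel/server";`, so the file does not carry two imports of the same module (a lint rule such as import/no-duplicates would flag it).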
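Review bot: `method` becomes required but stays `string`, while the component branches on specific values (`["email", "sms"].includes(method)` later in this file); a string-literal union would let the checker reject a misspelled method at the call site. Something like `method: "email" | "sms" | "time-based";` — the exact set of values must be confirmed against the callers, which are outside this diff.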
@@ -47,22 +48,30 @@ export default function LoginOTP({
 });
 
 useEffect(() => {
- if (!initialized.current) {
+ if (!initialized.current && ["email", "sms"].includes(method)) {
 initialized.current = true;
 setLoading(true);
- updateSessionForOTPChallenge();
- // .then((response) => {
-
- // setLoading(false);
- // })
- // .catch((error) => {
- // setError(error);
- // setLoading(false);
- // });
+ updateSessionForOTPChallenge()
+ .then((response) => {
+ setLoading(false);
+ })
+ .catch((error) => {
+ setError(error);
+ setLoading(false);
+ });
 }
 }, []);
 
 async function updateSessionForOTPChallenge() {
+ const challenges: Challenges = {};
+
+ if (method === "email") {
+ challenges.otpEmail = "peintnerm@gmail.com";
+ }
+
+ if (method === "sms") {
+ challenges.otpSms = "";
+ }
 setLoading(true);
 const res = await fetch("/api/session", {
 method: "PUT",
@@ -73,14 +82,7 @@ export default function LoginOTP({
 loginName,
 sessionId,
 organization,
- challenges:
- method === "email"
- ? {
- otpEmail: true,
- }
- : method === "sms"
- ? { otpSms: true }
- : {},
+ challenges,
 authRequestId,
 }),
 });
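Review bot: `challenges.otpEmail = "peintnerm@gmail.com"` hard-codes a personal address into the OTP challenge; before this change the field was `otpEmail: true`, so the value sent now is both a different type and a fixed literal that does not depend on the signed-in user. If the server treats it as the delivery target, every email OTP would be sent to that mailbox, and even if the server ignores it this is a debugging leftover that should not ship — the value should come from the session or be left to the server, and `challenges.otpSms = ""` has the same problem. Two smaller points in the same hunk: `response` in the new `.then` callback is unused, and `setLoading(true)` is called both in the effect and at the top of `updateSessionForOTPChallenge`, so one of the two is redundant. updateSessionForOTPChallenge's body continues past the hunk.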