diff --git a/apps/login/src/ui/PasswordForm.tsx b/apps/login/src/ui/PasswordForm.tsx
index 6aa857812c5..318e379e37c 100644
--- a/apps/login/src/ui/PasswordForm.tsx
+++ b/apps/login/src/ui/PasswordForm.tsx
@@ -69,7 +69,6 @@ export default function PasswordForm({
 
     setLoading(false);
     if (!res.ok) {
-      console.log(response.details.details);
       setError(response.details?.details ?? "Could not verify password");
       return Promise.reject(response.details);
     }
@@ -127,7 +126,40 @@ export default function PasswordForm({
         }
 
         const factor = availableSecondFactors[0];
-        if (factor === 4) {
+        // passwordless
+        if (factor === 2 && isAlternative) {
+          // with OIDC flow
+          if (resp.sessionId && authRequestId) {
+            const params = new URLSearchParams({
+              sessionId: resp.sessionId,
+              authRequest: authRequestId,
+            });
+
+            if (organization) {
+              params.append("organization", organization);
+            }
+
+            return router.push(`/login?` + params);
+          } else {
+            // without OIDC flow
+            const params = new URLSearchParams(
+              authRequestId
+                ? {
+                    loginName: resp.factors.user.loginName,
+                    authRequestId,
+                  }
+                : {
+                    loginName: resp.factors.user.loginName,
+                  },
+            );
+
+            if (organization) {
+              params.append("organization", organization);
+            }
+
+            return router.push(`/signedin?` + params);
+          }
+        } else if (factor === 4) {
           return router.push(`/otp/time-based?` + params);
         } else if (factor === 6) {
           return router.push(`/otp/sms?` + params);
@@ -185,7 +217,7 @@ export default function PasswordForm({
         }
 
         return router.push(`/passkey/add?` + params);
-      } else if (authRequestId && resp && resp.sessionId) {
+      } else if (authRequestId && resp.sessionId) {
         const params = new URLSearchParams({
           sessionId: resp.sessionId,
           authRequest: authRequestId,
diff --git a/apps/login/src/utils/session.ts b/apps/login/src/utils/session.ts
index 22f57f2662d..0fe59a5c9b4 100644
--- a/apps/login/src/utils/session.ts
+++ b/apps/login/src/utils/session.ts
@@ -94,6 +94,7 @@ export async function createSessionForUserIdAndUpdateCookie(
   );
 
   if (createdSession) {
+    console.log("cs", createdSession);
     return getSession(
       server,
       createdSession.sessionId,