I was referring to what I was asking before: 1) if the user needs to be enrolled into 2FA now, before this feature is built into it, and before Sphinx redirects the user anywhere with a code or token, it would be good to be able to redirect the user to a separate 2FA registration page, plus 2) once the user has completed self-registration and the account has been created in a disabled state, again without redirecting it with a token, can the user be redirected to another information page? - self-registration is a single place in this process, where the user should not be treated as authenticated and no tokens should be issued.
So, in 1) I would put the user through a separate registration for 2FA and in 2) will terminate this process without authenticating the user and without issuing any tokens. Next, the user will not be able to sign in until after the account has been manually enabled by admins. But once it has been, then the normal processing would work, with the user being authenticated (twice, with 2FA, which Sphinx already does) and normally redirected as per Client setup, with a token, to the normal redirect URL.
Does this make sense?