Passkey only recovery flow asks to "change password" doesn't display hardware key

[jmatsushita]

Preflight checklist

• I could not find a solution in the existing issues, docs, nor discussions.
• I agree to follow this project's Code of Conduct.
• I have read and am following this repository's Contribution Guidelines.
• This issue affects my Ory Network project.
• I have joined the Ory Community Slack.
• I am signed up to the Ory Security Patch Newsletter.

Describe the bug

The language after successful recovery via email is confusing since there isn't a password nor social sign-in setup. In addition no hardware token is displayed in the list.

In addition when pressing "Add security key" and registering the same device with a different key name (using the id after-recovery in the below example) only then does the key identifier used during sign-up displayed (in the below example j-zero).

Worse if I click Remove security key "after-recovery", both keys are removed in the UI.

Reproducing the bug

When, as a project admin, I configure an ory network developer project to passkey only (enabling passkeys and disabling password auth),

The, as a user, I sign up with an email, use the account recovery option using the Ory Account Experience UI, after entering the OTP the Account Recovery page says:
You successfully recovered your account. Please change your password or set up an alternative login method (e.g. social sign in) within the next 15.00 minutes.

Pressing "Add security key" and registering the same device with a different key name now shows 2 keys.

Removing only one of the keys leads to none being displayed.

Relevant log output

No response

Relevant configuration

No response

Version

https://console.ory.sh/

On which operating system are you observing this issue?

Ory Network

In which environment are you deploying?

Ory Network

Additional Context

No response