[PM-3382] User cannot select Email as a secondary 2FA option following SSO (#2719)

* [PM-3382] Update mobile client to receive and use SsoEmail2faSessionToken

* [PM-3382] Fix null 2fa email with local email on MP login.

src/App/Pages/Accounts/TwoFactorPageViewModel.cs

@@ -466,7 +466,8 @@ namespace Bit.App.Pages
                 {
                     Email = _authService.Email,
                     MasterPasswordHash = _authService.MasterPasswordHash,
-                    DeviceIdentifier = await _appIdService.GetAppIdAsync()
+                    DeviceIdentifier = await _appIdService.GetAppIdAsync(),
+                    SsoEmail2FaSessionToken = _authService.SsoEmail2FaSessionToken
                 };
                 await _apiService.PostTwoFactorEmailAsync(request);
                 if (showLoading)

src/Core/Abstractions/IAuthService.cs

@@ -15,6 +15,7 @@ namespace Bit.Core.Abstractions
         string Code { get; set; }
         string CodeVerifier { get; set; }
         string SsoRedirectUrl { get; set; }
+        string SsoEmail2FaSessionToken { get; set; }
         TwoFactorProviderType? SelectedTwoFactorProviderType { get; set; }
         Dictionary<TwoFactorProviderType, TwoFactorProvider> TwoFactorProviders { get; set; }
         Dictionary<TwoFactorProviderType, Dictionary<string, object>> TwoFactorProvidersData { get; set; }

src/Core/Models/Request/TwoFactorEmailRequest.cs

@@ -5,5 +5,6 @@
         public string Email { get; set; }
         public string MasterPasswordHash { get; set; }
         public string DeviceIdentifier { get; set; }
+        public string SsoEmail2FaSessionToken { get; set; }
     }
 }

src/Core/Models/Response/IdentityTwoFactorResponse.cs

@@ -12,5 +12,7 @@ namespace Bit.Core.Models.Response
         public MasterPasswordPolicyOptions MasterPasswordPolicy { get; set; }
         [JsonProperty("CaptchaBypassToken")]
         public string CaptchaToken { get; set; }
+        public string SsoEmail2faSessionToken { get; set; }
+        public string Email { get; set; }
     }
 }

src/Core/Services/AuthService.cs

@@ -124,6 +124,7 @@ namespace Bit.Core.Services
         public string Code { get; set; }
         public string CodeVerifier { get; set; }
         public string SsoRedirectUrl { get; set; }
+        public string SsoEmail2FaSessionToken { get; set; }
         public Dictionary<TwoFactorProviderType, TwoFactorProvider> TwoFactorProviders { get; set; }
         public Dictionary<TwoFactorProviderType, Dictionary<string, object>> TwoFactorProvidersData { get; set; }
         public TwoFactorProviderType? SelectedTwoFactorProviderType { get; set; }
@@ -457,20 +458,21 @@ namespace Bit.Core.Services
             if (result.TwoFactor)
             {
                 // Two factor required.
-                Email = email;
+                Email = response.TwoFactorResponse.Email ?? email;
                 MasterPasswordHash = hashedPassword;
                 LocalMasterPasswordHash = localHashedPassword;
                 AuthRequestId = authRequestId;
                 Code = code;
                 CodeVerifier = codeVerifier;
                 SsoRedirectUrl = redirectUrl;
+                SsoEmail2FaSessionToken = response.TwoFactorResponse.SsoEmail2faSessionToken;
                 _masterKey = _setCryptoKeys ? masterKey : null;
                 _userKey = userKey2FA;
                 TwoFactorProvidersData = response.TwoFactorResponse.TwoFactorProviders2;
                 result.TwoFactorProviders = response.TwoFactorResponse.TwoFactorProviders2;
                 CaptchaToken = response.TwoFactorResponse.CaptchaToken;
                 _masterPasswordPolicy = response.TwoFactorResponse.MasterPasswordPolicy;
-                await _tokenService.ClearTwoFactorTokenAsync(email);
+                await _tokenService.ClearTwoFactorTokenAsync(Email);
                 return result;
             }