diff --git a/src/Identity/IdentityServer/RequestValidators/DeviceValidator.cs b/src/Identity/IdentityServer/RequestValidators/DeviceValidator.cs
index bfa706d8a..41cff62ca 100644
--- a/src/Identity/IdentityServer/RequestValidators/DeviceValidator.cs
+++ b/src/Identity/IdentityServer/RequestValidators/DeviceValidator.cs
@@ -123,16 +123,17 @@ public class DeviceValidator(
         {
             // verify the NewDeviceOtp
             var otpValid = await _userService.VerifyOTPAsync(user, newDeviceOtp);
-            if(!otpValid)
+            if(otpValid)
             {
                 await _deviceService.SaveAsync(device);
+                return (true, null);
             }
             return (false, "invalid otp");
         }
 
         // if a user has no devices they are assumed to be newly registered user which does not require new device verification
         var devices = await _deviceRepository.GetManyByUserIdAsync(user.Id);
-        if (device == null)
+        if (devices.Count == 0)
         {
             await _deviceService.SaveAsync(device);
             return (true, null);
diff --git a/test/Identity.IntegrationTest/RequestValidation/ResourceOwnerPasswordValidatorTests.cs b/test/Identity.IntegrationTest/RequestValidation/ResourceOwnerPasswordValidatorTests.cs
index 703faed48..e52b64138 100644
--- a/test/Identity.IntegrationTest/RequestValidation/ResourceOwnerPasswordValidatorTests.cs
+++ b/test/Identity.IntegrationTest/RequestValidation/ResourceOwnerPasswordValidatorTests.cs
@@ -226,7 +226,7 @@ public class ResourceOwnerPasswordValidatorTests : IClassFixture<IdentityApplica
         // Stub DeviceValidator
         factory.SubstituteService<IDeviceValidator>(sub =>
         {
-            sub.SaveDeviceAsync(Arg.Any<User>(), Arg.Any<ValidatedTokenRequest>())
+            sub.SaveRequestingDeviceAsync(Arg.Any<User>(), Arg.Any<ValidatedTokenRequest>())
                 .Returns(null as Device);
         });