azure-ad-b2c

Repeated MFA Phone Number Prompt in "SignUpOrSignIn" User Journey

Description

When logging in as a user using the "SignUpOrSignIn" user journey in TrustFrameworkBase.xml, I am prompted to enter my phone number and complete the 2FA verification successfully. However, upon logging out and signing back in, I am asked to enter my phone number again for 2FA.

This behaviour persists on every login, even though my phone number is correctly registered under Authentication Methods in the Azure portal.

Observed Behaviour

Could this be a permissions issue where the policy lacks the necessary rights to read strongAuthenticationPhoneNumber from Azure AD B2C? If so, what permissions should be configured to allow the policy to retrieve the stored phone number properly?

Or is there a configuration missing in my policy that ensures strongAuthenticationPhoneNumber is read before the "PhoneFactor-InputOrVerify" profile runs?

Any guidance would be greatly appreciated, as I have spent several hours debugging this issue.

Expected Behaviour

Once the phone number is verified during the first MFA prompt, the "PhoneFactor-InputOrVerify" technical profile should recognise and use the previously verified number, preventing the need for re-entering or modifying it upon subsequent logins.

Solution

  • I've worked out the problem. I was extending "AAD-UserReadUsingObjectId" in my extension policy but had added the following item to the Metadata element:

    <Metadata>
        <Item Key="api-version">1.6</Item>
    </Metadata>
    

    When I remove this, strongAuthenticationPhoneNumber is read successfully.
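For reference, an added example (not taken from the original question or answer) of how the extended technical profile can look in the extension policy once the offending Metadata item is gone. The file name TrustFrameworkExtensions.xml and the surrounding ClaimsProvider wrapper are assumptions based on the standard B2C custom policy starter pack layout; the profile Id, claim name and the removed api-version item are the ones named in the answer above.

```xml
<!-- TrustFrameworkExtensions.xml (assumed file name), inside <ClaimsProviders>.
     Extends the base AAD-UserReadUsingObjectId from TrustFrameworkBase.xml by
     adding an output claim only. No <Metadata> element is declared here, so the
     base profile's own metadata stays intact; the answer above identifies
     <Item Key="api-version">1.6</Item> as the item that stopped
     strongAuthenticationPhoneNumber from being read. -->
<ClaimsProvider>
  <DisplayName>Azure Active Directory</DisplayName>
  <TechnicalProfiles>
    <TechnicalProfile Id="AAD-UserReadUsingObjectId">
      <OutputClaims>
        <!-- Read the stored MFA phone number so that the later
             PhoneFactor-InputOrVerify step receives it as an input claim
             instead of prompting for a new number on every sign-in. -->
        <OutputClaim ClaimTypeReferenceId="strongAuthenticationPhoneNumber" />
      </OutputClaims>
    </TechnicalProfile>
  </TechnicalProfiles>
</ClaimsProvider>
```

A quick check after deploying the policy: run the user journey with Application Insights tracing enabled (DeploymentMode="Development" and a DeveloperMode/InstrumentationKey on the RelyingParty) and confirm that the AAD-UserReadUsingObjectId step's output claims include strongAuthenticationPhoneNumber before the PhoneFactor-InputOrVerify step runs. If the claim is absent there, the profile is still not reading it, whatever the portal shows under Authentication Methods.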