diff --git a/app/[lang]/(live)/(protected)/mfa-login/route.ts b/app/[lang]/(live)/(protected)/mfa-login/route.ts
index 626da9abc..297c169a0 100644
--- a/app/[lang]/(live)/(protected)/mfa-login/route.ts
+++ b/app/[lang]/(live)/(protected)/mfa-login/route.ts
@@ -14,34 +14,26 @@ export async function GET(
 let redirectHeaders: Headers | undefined = undefined
 let redirectTo: string
- const returnUrl = request.headers.get("x-returnurl")
+ redirectTo =
+ request.cookies.get("redirectTo")?.value || // Cookie gets set by authRequired middleware
+ request.nextUrl.searchParams.get("redirectTo") ||
+ "/"
- if (returnUrl) {
- // Seamless login request from Current web
- redirectTo = returnUrl
- } else {
- // Normal login request from New web
- redirectTo =
- request.cookies.get("redirectTo")?.value || // Cookie gets set by authRequired middleware
- request.nextUrl.searchParams.get("redirectTo") ||
- "/"
-
- // Make relative URL to absolute URL
- if (redirectTo.startsWith("/")) {
- if (!env.PUBLIC_URL) {
- throw internalServerError("No value for env.PUBLIC_URL")
- }
- redirectTo = new URL(redirectTo, env.PUBLIC_URL).href
+ // Make relative URL to absolute URL
+ if (redirectTo.startsWith("/")) {
+ if (!env.PUBLIC_URL) {
+ throw internalServerError("No value for env.PUBLIC_URL")
 }
-
- // Clean up cookie from authRequired middleware
- redirectHeaders = new Headers()
- redirectHeaders.append(
- "set-cookie",
- "redirectTo=; Expires=Thu, 01 Jan 1970 00:00:00 UTC; Path=/; HttpOnly; SameSite=Lax"
- )
+ redirectTo = new URL(redirectTo, env.PUBLIC_URL).href
 }
+ // Clean up cookie from authRequired middleware
+ redirectHeaders = new Headers()
+ redirectHeaders.append(
+ "set-cookie",
+ "redirectTo=; Expires=Thu, 01 Jan 1970 00:00:00 UTC; Path=/; HttpOnly; SameSite=Lax"
+ )
+
 try {
 /**
 * Passing `redirect: false` to `signIn` will return the URL instead of
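Review bot: The new `redirectTo` flow still lets a caller-controlled value leave the site's origin: only values starting with `/` are resolved against `env.PUBLIC_URL`, so an absolute URL arriving in the `redirectTo` query parameter is used untouched, and a protocol-relative value such as `//other-host/path` also passes the `startsWith("/")` test yet resolves to that other host — once `signIn` sends the user there, this endpoint is an open redirect. Rather than branching on the leading slash, resolve every value against `PUBLIC_URL` and keep the result only when its `origin` equals `PUBLIC_URL`'s origin, falling back to the site root otherwise; since `new URL()` throws on unparsable input, that case should fall back as well instead of surfacing as a 500. The `PUBLIC_URL` guard and the cookie clean-up can stay as they are. `GET` begins before this hunk and continues past it, including the `signIn` call that consumes `redirectTo`.
```typescript
  // … unchanged: redirectTo taken from cookie / query param, "/" default …
  if (!env.PUBLIC_URL) {
    throw internalServerError("No value for env.PUBLIC_URL")
  }
  // Resolve every value against PUBLIC_URL and keep it only if it stays on our
  // origin; absolute and protocol-relative ("//host") values would otherwise
  // turn this endpoint into an open redirect after sign-in.
  const publicOrigin = new URL(env.PUBLIC_URL).origin
  let resolved: URL | undefined
  try {
    resolved = new URL(redirectTo, env.PUBLIC_URL)
  } catch {
    resolved = undefined // unparsable input falls back to the site root below
  }
  redirectTo = resolved?.origin === publicOrigin ? resolved.href : `${publicOrigin}/`
  // … unchanged: cookie clean-up headers and the signIn call …
```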
@@ -56,7 +48,7 @@ export async function GET(
 },
 {
 ui_locales: context.params.lang,
- scope: "profile_update openid",
+ scope: "profile_update openid profile",
 // The below acr value is required as for New Web same Curity Client is used for MFA
 // while in current web it is being setup using different Curity Client ID and secret
 acr_values:
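Review bot: The added `profile` scope carries no explanation, while the `acr_values` entry just below has a two-line rationale; requesting `profile` asks the provider to release the OIDC profile claims, so the reason belongs next to it, e.g. `// "profile" is required for <claims the app reads — TODO fill in>`. If only one or two specific claims are actually needed, a narrower scope or an explicit claims request would keep the released user data to the minimum. `GET` begins before this hunk and continues past it.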