In V3 the reuseCondition for testing reuse of an AuthenticationResult was attached to the underlying flow descriptor so was applied consistently at the top level or within an MFA transition.
In V4 the condition migrated in the API to the AuthenticationResult, but I blew the deserialization that has to attach the condition to the object.
At the top level within a Session, the flow descriptor is used as the deserializer and does the reattachment, and it works. During MFA flow use, there's a nested layer of deserializers and the one that does the work for the flow result isn't the flow descriptor and doesn't attach the condition, so it's left defaulted to alwaysTrue.
I actually have a test case for this in production that's now broken, though isn't really being exercised.