Surely a user trying to verify their OTP password is not logged in and therefore will have no JWT auth. This will stop any user that is not logged in from submitting their OTP. And I think in most cases, users reaching this endpoint will not be logged in.