Nobody here can answer these questions (except the answer to the first question is probably yes since they wouldn't be able to test your app without it).
What I would do in such a situation:
- provide login credentials
for the OTP, explain the situation in full transparency:
- that you have assumed that login was enough and did not provide One Time Password,
- if OTP required, could they explain how to provide them with OTP
for last question, it is better to have access to all functionalities, because they want to check for hidden features. So I guess they will need OTP.