Recovery Codes
Recovery codes serve as backup authentication codes that help users regain access to their account when they can't use their primary second factor authentication method, such as a TOTP App or device with passkey. These codes provide a secure way to reset multi-factor authentication (MFA) when primary methods are unavailable.
Recovery Codes with Flows
This guide will walk you through integrating Recovery Codes into your Descope Flows.
Flow Actions
When using Recovery Codes, there is both the initial generation action and the sign in action:
Recovery Codes / Generate
- Will generate recovery codes for the user according to your project settings.Sign In / Recovery Code
- Enable users to sign in using a recovery code.
Recovery codes are single-use only. After a successful Sign In / Recovery Code
action runs, the used code becomes invalid. Additionally, generating new recovery codes through the Recovery Codes / Generate
action will invalidate all previously existing codes.
Flow Screens
When displaying recovery codes after the Recovery Codes / Generate
action, use the Recovery Codes component.
When having the user enter their recovery code before the Sign In / Recovery Code
action, use the Recovery Code Input component.
For working examples, refer to our Add MFA with TOTP and Recovery Codes and Sign In with TOTP or Recovery Codes flow templates.
Error Handling
Error handling is handled like any other action. You can refer to our Flow Error Handling guide for more details.