Recovery Codes

Recovery codes serve as backup authentication codes that help users regain access to their account when they can't use their primary second factor authentication method, such as a TOTP App or device with passkey. These codes provide a secure way to reset multi-factor authentication (MFA) when primary methods are unavailable.

Recovery Codes with Flows

This guide will walk you through integrating Recovery Codes into your Descope Flows.

Flow Actions

When using Recovery Codes, there is both the initial generation action and the sign in action:

  • Recovery Codes / Generate - Will generate recovery codes for the user according to your project settings.
  • Sign In / Recovery Code - Enable users to sign in using a recovery code.

Recovery codes are single-use only. After a successful Sign In / Recovery Code action runs, the used code becomes invalid. Additionally, generating new recovery codes through the Recovery Codes / Generate action will invalidate all previously existing codes.

Flow Screens

When displaying recovery codes after the Recovery Codes / Generate action, use the Recovery Codes component.

Recovery codes display component

When having the user enter their recovery code before the Sign In / Recovery Code action, use the Recovery Code Input component.

Recovery code input component

For working examples, refer to our Add MFA with TOTP and Recovery Codes and Sign In with TOTP or Recovery Codes flow templates.

Error Handling

Error handling is handled like any other action. You can refer to our Flow Error Handling guide for more details.

Was this helpful?

On this page