Recovery codes

Problem/Motivation

D7 tfa uses recovery codes.

User migration already contains code adding recovery codes into KC credentials.

Currently, KC is not configured to use recovery codes, so users cannot use them, nor it can be verified the related migration piece works.

See #3 (closed).

Proposed resolution

Configure recovery codes in KC.
Verify/adjust data migration.

Notes

I tried to do this briefly, by enabling Recovery Authentication Codes in KC Configure > Authentication > Required Actions, but that was not enough.

⚠️ KC recovery codes documentation states that recovery codes support is in development, and its use is experimental, see related upstream issue.

Edited Mar 19, 2024 by Marco Villegas