Skip to content

Research & Feasibility of Recovery Codes #67

New issue
New issue
Open
Task
Open
Research & Feasibility of Recovery Codes#67
Task
Assignees
OscarLlamas6
@JoseSzycho

Description

@JoseSzycho
JoseSzycho
opened on Jan 13, 2026

Description

Recovery codes are essential for users who lose access to their MFA devices. We need to determine if Zitadel supports the generation and retrieval of recovery codes via API and how to implement this safely.

Research Goals

  • Zitadel Support: Confirm if the current Zitadel version supports "Recovery Codes" as a distinct MFA type or if they must be handled as a separate mechanism.
  • Security & Persistence: If we implement a custom API, where are these codes stored? Can we use Zitadel’s native recovery code feature, or do we need a custom implementation within our DB?
  • Implementation Path:
    • Auth-UI: Can the codes be displayed once during the MFA setup flow?
    • Custom API: Is there a way to "regenerate" codes through our provider?

Acceptance Criteria

  • Verification of whether Zitadel API exposes recovery code management.
  • Assessment of the risk/effort for a custom implementation if native support is lacking.
  • Final "Go/No-Go" recommendation for implementation.

Note

Preferred option is to leverage the implementation to the auth-ui

Metadata

Metadata

Assignees

Labels

No labels
No labels

Type

Task

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions