Recovery codes are a set of codes that can be used to authenticate a user in case they lose access to their registered MFA devices.

Prerequisites

  • You need to have the Dynamic Client initialized.
  • You need to have the passkey MFA enabled in your environment’s settings in the Dynamic dashboard.

Getting a set of recovery codes

Calling getMfaRecoveryCodes will return a set of 10 recovery codes. Each code is single-use. If user doesn’t have any recovery codes generated yet, it will create them. If codes have already been generated for the user before, it will return them. You can display them to the user and ask them to save them in a secure location. 
import { getMfaRecoveryCodes } from '@dynamic-labs-sdk/client';

const register = async () => {
  const { recoveryCodes } = await getMfaRecoveryCodes();
  console.log(recoveryCodes);
};

Creating a new set of recovery codes

Calling createNewMfaRecoveryCodes will create a new set of 10 recovery codes. Each code is single-use. If the user still had unused recovery codes, they will be invalidated and a new set of 10 recovery codes will be created. You can use this to allow the user to generate a new set of recovery codes in case they lose, want to rotate them, or have already used all of previous ones. 
import { createNewMfaRecoveryCodes } from '@dynamic-labs-sdk/client';

const register = async () => {
  const { recoveryCodes } = await createNewMfaRecoveryCodes();
  console.log(recoveryCodes);
};

Doing MFA authentication with a recovery code

Calling authMfaRecoveryCode will verify the recovery code and complete the MFA challenge. The authentication will be successful if the user enters a valid recovery code, that hasn’t been used yet. 
import { authMfaRecoveryCode } from '@dynamic-labs-sdk/client';

const onLogin = async () => {
  // Replace 'ABCDEFGHIJ' with the actual recovery code the user enters
  await authMfaRecoveryCode({ code: 'ABCDEFGHIJ' });
};