KEYCLOAK-6270 Support for Backup Codes for 2FA Recovery

Hello Keycloak Users,

I recently implemented support for backup codes as a custom Keycloak extension.
A description about how it works can be found on the keycloak-dev mailing list [1]

The example implementation with some gifs that show the extension in action can be found in [2].

I’d love to hear your feedback on this :slight_smile:


[1] Keycloak Dev Discussion
[2] Backup Codes Implementation keycloak-extension-playground/auth-backup-codes at master · thomasdarimont/keycloak-extension-playground · GitHub


This is really great. I’ve heard this use case several times before. Thank you for implementing!

Question as to what happens with each code once it’s used. Do you remove it, or just mark it as used (in case someone wanted to extend to provide user feedback)?

Hi xgp,

thanks for your feedback!
Backup codes are stored as individual entries in the credentials table.
Once a backup code is used it is deleted from the credentials table.