MFA Recovery Codes issue

after creating recovery codes using account.createMFARecoveryCodes() do we need to Verify MFA factors type recovery code?

I followed this guide: https://appwrite.io/docs/products/auth/mfa

I tried to verify this using users.listMFAFactors({userId}) and account.listMFAFactors() but I am getting inconsistent results, check the screenshot

when i try to login and verify using recovery codes, it doesn't work... please let me know how this works exactly

is this related to this bug: https://github.com/appwrite/appwrite/issues/10740

<@973276532925677569>

Seems like the users endpoint is missing the logic for recovery codes.

https://github.com/appwrite/appwrite/blob/c65e5516977895c1c50caa83809101f038e52845/app/controllers/api/users.php#L1866

Can you create a GitHub issue so we don't lose track of this issue?

https://github.com/appwrite/appwrite/issues/10927 created, you can assign it to me to get it fixed.

meanwhile is recovery codes are not working at all with appwrite 1.8? this is driving me crazy unless it's a bug

Correct, you linked the related issue

<@462046107556511744> can we delete or reset recovery codes using the users sdk ? Ai thinks: The Appwrite SDK's deleteMFAAuthenticator only accepts 'totp' as a valid type - recovery codes can't be deleted directly through that method

<@462046107556511744> what is the best way to enable pass keys? would be useful to have a demo project or documentation on the website

You cant use pass keys for MFA. If you want to use pass keys for auth, create a separate <#1072905050399191082> post

https://appwrite.io/docs/references/cloud/server-nodejs/users#updateMfaRecoveryCodes

please assign this issue to me also check my approuch is correct or not https://github.com/appwrite/appwrite/pull/10951