I’m using 2FA on https://sso.gnome.org/realms/master/protocol/openid-connect/auth . Next time my second factor device dies, where can I find my recovery keys to authenticate against GNOME SSO? I failed to find anything in the web UI. In case there are no recovery codes, how would my 2FA reset request get verified?
Asking as a followup to Transition to new SSO domain and mandatory two-factor authentication enrollment
There’s no support for 2FA recovery codes in keycloak as of this time, right now if you lose your 2FA the only way you have is to reach out to the Infrastructure team and receive assistance. Another possibility would be to add a second 2FA to the account.
Thanks. I hope that the Infrastructure team will find ways which scale to reliably verify reset requests in times of computer-generated video call content.
Unfortunately, this is exactly my problem – my mobile phone crashed, the backup seems to be broken, which means that I cannot log into Keycloak and in turn into Gitlab any more. 
IIRC, Gitlab has the option to reset the 2FA using a SSH private key authenticated API call (my ssh key still works) – does Gnome Gitlab support that, too?
if you lose your 2FA the only way you have is to reach out to the Infrastructure team and receive assistance.
How can I do that – an email to sysadmin@gnome.org has been rejected…
No, there’s no such support yet in Keycloak, for now I’ve removed your 2FA from your account, you should be able to add it back.
Thanks a lot, works again!