MFA API doesn't return recovery_codes

I’m trying to enroll a user’s authenticator using the MFA API.

$response = Http::withHeaders([
    'Authorization' => 'Bearer ' . $request->mfa_token,
    'Content-Type' => 'application/json',
])->post('https:// { MY_DOMAIN } /mfa/associate', [
    'authenticator_types' => ['otp'],
]);

According to this, the response should inclueds the recovery_codes.
However, I’m not seeing any.

{
    "authenticator_type": "otp",
    "secret": "******",
    "barcode_uri": "otpauth://totp/******"
}

I’m using the following method to check if it’s the user’s first authenticator association.
The MFA API is used only when it results in false.

$get_factor_api = Auth0::management()
    ->users()
    ->getAuthenticationMethods(
        user: Auth::id(),
    );
    $get_factor_api_response = json_decode($get_factor_api->getBody()->getContents());

    return count($get_factor_api_response) > 0 ? true : false;

( I’m using the laravel-auth0 )

The scopes in the MFA token are openid, profile, email, enroll and offline_access.

Is there something wrong?

I’ve found the solution.
Dashboard → Security → Multi-factor Auth, and toggle Recovery codes on.