You've got it correct. You simply check "Is this code the correct one generated by the 2fa code generator OR is this code one of the backup codes?". This page shows Google's UI for it.
It would also be acceptable to just have a "I don't have my phone; Log me in with a backup code" link that took them to a backup code login page.
It is important to require the backup code and their password, though!
Also make sure that backup codes are one time use only - you do not want people just to memorize one and keep reusing it like a second password.