[keycloak-dev] User registration: OTP flow

[Bruno Oliveira]

I think in this case, we can close the issue. OTP form will enable
people to use authenticator, but not enforce it during the
registration time.

On Fri, Nov 27, 2015 at 5:40 AM, Stian Thorgersen <sthorger at redhat.com> wrote:
> It's certainly a usability issue then. I thought the opposite that "OTP
> Form" was required, but not adding the default action to have it work with
> registration as well.
>
> On 26 November 2015 at 21:24, Bruno Oliveira <bruno at abstractj.org> wrote:
>>
>> Ahoy, I was looking at this Jira
>> https://issues.jboss.org/browse/KEYCLOAK-1998 and trying to reproduce
>> the issue reported by Stian.
>>
>> What I did was:
>>
>> 1. Get the latest changes from master
>> 2. Run mvn clean install -DskipTests=true && mvn -f
>> testsuite/integration/pom.xml exec:java -Pkeycloak-server
>> 3. Go to "Realm Settings" and enable "User Registration"
>> 4. Go to "Authentication" > "Required Actions"
>> 5. On Configure Totp mark the checkbox "Default Action"
>> 6. Now logout and try to register
>> 7. After the registration I get the TOTP screen
>>
>> Stian was following a different workflow
>>
>> 1. Get the latest changes from master
>> 2. Run mvn clean install -DskipTests=true && mvn -f
>> testsuite/integration/pom.xml exec:java -Pkeycloak-server
>> 3. Go to "Realm Settings" and enable "User Registration"
>> 4. Flows > Browser
>> 5. OTP form marked as required
>> 6. After the registration I won't get the TOTP screen
>>
>> After I managed to reproduce the real issue, I got confused about what
>> would be the expected behavior in the situation where I have "OTP
>> form" as required and "Required actions > Configure Totp > Default
>> action" unchecked.
>>
>> To me it seems like OTP form is unnecessary, but I can be 110% wrong.
>>
>> Thoughts?
>> _______________________________________________
>> keycloak-dev mailing list
>> keycloak-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
>