[keycloak-dev] Transaction approval via OpenID Connect User Questioning API

Felix Meißner felix.meissner at hanko.io
Wed Jan 16 04:30:40 EST 2019


Hi Stian,

thanks for your feedback. Nice to hear that you consider the User
Questioning API a fitting feature for Keycloak.

For now, we will implement this feature as a plugin to get a working proof
of concept. We would be happy to contribute any common code to Keycloak.

Intuitively, I would start implementing the endpoints as a REST Resource.
To allow for different methods of questioning (via a screen displayed by
Keycloak or via our API) we would have to extract a common interface, I
think.

Best regards
Felix Meißner

Hanko.io – Convenient and Secure Authentication

Hanko GmbH
Ringstr. 19 | 24114 Kiel | Germany

Email: felix.meissner at hanko.io
Phone: +49 431 908 929 25


On Wed, 16 Jan 2019 at 07:58, Stian Thorgersen <sthorger at redhat.com>
wrote:

> Looks quite interesting and useful. Haven't seen much request for it
> though.
>
> Doesn't look like it would be too much effort to implement, nor too much
> burden to maintain. Have you considered how this could be implemented in
> Keycloak?
>
> On Mon, 14 Jan 2019 at 12:49, Felix Meißner <felix.meissner at hanko.io>
> wrote:
>
>> Hi everyone,
>>
>> recently, I have been investigating how to integrate transaction approval
>> in an OpenID Connect based environment.
>>
>> It seems to me, the OpenID Connect User Questioning API is the perfect
>> match, but as far as I can see, Keycloak is currently not implementing
>> this API, right? Also, I cannot find any issue at JBoss regarding this
>> feature.
>>
>> Are there any reasons to not implement the User Questioning API in
>> Keycloak, or has there just not yet been a feature request / someone
>> willing to implement this? Or are there any other ways to acquire the
>> user's consent via Keycloak?
>>
>> At Hanko, we are developing a Keycloak plugin that allows using FIDO2 as
>> well as UAF and U2F devices as second or multi-factor authentication
>> devices in Keycloak with help of our API. Now, we are looking for a way to
>> integrate signed transactions based on FIDO in Keycloak.
>>
>> Thank you for your comments!
>>
>> Best regards
>> Felix Meißner
>>
>> Hanko.io – Convenient and Secure Authentication
>>
>> Hanko GmbH
>> Ringstr. 19 | 24114 Kiel | Germany
>>
>> Email: felix.meissner at hanko.io
>> Phone: +49 431 908 929 25
>
>

