[keycloak-dev] Transaction approval via OpenID Connect User Questioning API

Stian Thorgersen sthorger at redhat.com
Fri Jan 18 03:01:48 EST 2019


On Wed, 16 Jan 2019 at 10:33, Felix Meißner <felix.meissner at hanko.io> wrote:

> Hi Stian,
>
> thanks for your feedback. Nice to hear that you consider the User
> Questioning API a fitting feature for Keycloak.
>
> For now, we will implement this feature as a plugin to get a working proof
> of concept. We would be happy to contribute any common code to Keycloak.
>
> Intuitively, I would start implementing the endpoints as a REST Resource.
> To allow for different methods of questioning (via a screen displayed by
> Keycloak or via our API) we would have to extract a common interface, I
> think.
>

Can you elaborate on what you mean about different methods of questioning?
From briefly reading the spec it looks like the client sends the request to
the OP. Then the user should interact with the OP.

For the user interaction with the OP I would assume this means the OP is
responsible to display any screens (or send emails) to get the user's
statement.


>
> Viele Grüße / Best regards
> Felix Meißner
>
> Hanko.io – Convenient and Secure Authentication
>
> Hanko GmbH
> Ringstr. 19 | 24114 Kiel | Germany
>
> Email: felix.meissner at hanko.io
> Phone: +49 431 908 929 25
>
>
> On Wed, 16 Jan 2019 at 07:58, Stian Thorgersen <
> sthorger at redhat.com> wrote:
>
> > Looks quite interesting and useful. Haven't seen much request for it
> > though.
> >
> > Doesn't look like it would be too much effort to implement, nor too much
> > burden to maintain. Have you considered how this could be implemented in
> > Keycloak?
> >
> > On Mon, 14 Jan 2019 at 12:49, Felix Meißner <felix.meissner at hanko.io>
> > wrote:
> >
> >> Hi everyone,
> >>
> >> recently, I have been investigating how to integrate transaction approval
> >> in an OpenID Connect based environment.
> >>
> >> It seems to me, the OpenID Connect User Questioning API is the perfect
> >> match, but as far as I can see, Keycloak is currently not implementing this
> >> API, right? Also, I cannot find any issue at JBoss regarding this feature.
> >>
> >> Are there any reasons to not implement the User Questioning API in
> >> Keycloak, or has there just not yet been a feature request / someone
> >> willing to implement this? Or are there any other ways to acquire the
> >> user's consent via Keycloak?
> >>
> >> At Hanko, we are developing a Keycloak plugin that allows to use FIDO2 as
> >> well as UAF and U2F devices as second or multi-factor authentication
> >> devices in Keycloak with help of our API. Now, we are looking for a way to
> >> integrate signed transactions based on FIDO in Keycloak.
> >>
> >> Thank you for your comments!
> >>
> >> Viele Grüße / Best regards
> >> Felix Meißner
> >>
> >> Hanko.io – Convenient and Secure Authentication
> >>
> >> Hanko GmbH
> >> Ringstr. 19 | 24114 Kiel | Germany
> >>
> >> Email: felix.meissner at hanko.io
> >> Phone: +49 431 908 929 25
> >> _______________________________________________
> >> keycloak-dev mailing list
> >> keycloak-dev at lists.jboss.org
> >> https://lists.jboss.org/mailman/listinfo/keycloak-dev
> >
> >

