<div dir="ltr">I agree mobile can be done with a separate authenticator, it's probably not that much additional work to add either. However, that doesn't change the account management console, registration screens, etc.. So there's more work than that + quite a lot of configuration needed to use mobile instead of email/username.<div><br></div><div>It would be nice to have a configurable option on the username/email authenticator to support only email though. I think we may have this already but it's a realm option rather than a configuration option on the authenticator. Same arguments here, if someone just wants to use email, the username shouldn't be displayed on login, registration and account management.</div></div><div class="gmail_extra"><br><div class="gmail_quote">On 7 October 2015 at 14:28, Marek Posolda <span dir="ltr"><<a href="mailto:mposolda@redhat.com" target="_blank">mposolda@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF"><span class="">
<div>On 06/10/15 09:50, Stian Thorgersen
wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">We've have someone from the community that wants to
use mobile number as the username, as well as verify mobile
number by sending a code via SMS. See "Login by mobile number"
thread in user mailing list for more details. They are also
willing to contribute this back to the community.
<div><br>
</div>
<div>That made me think it may be nice to be able to configure
the behavior of the username "field" for a realm. We could
have a simple drop-down in the admin console to configure
username mode, with the following options:</div>
<div><br>
</div>
<div>* Username/email - default behavior where a user provides
both a username and email, and the user can login with either.
In this mode email has to be unique.</div>
<div>* Username - a user can only login with a username. In this
mode we could relax the requirement that email has to be
unique (that may be difficult though as it would require not
using a database constraint, which may make it rather
difficult to guarantee uniqueness in other modes)</div>
</div>
</blockquote></span>
Even if we add the option, I wouldn't remove email uniqueness. Admin
can decide to change the mode back to "Username" to "Email" and then
some users won't be able to login due to many users with same email.
Also is there usecase when there are 2 different users in realm with
same email?<span class=""><br>
<blockquote type="cite">
<div dir="ltr">
<div>* Email - in this mode only email can be used to login. In
this mode username field would not be displayed on the
registration form or account management console. In the token
the username would be set to email. In this mode verify email
address should be enabled by default.</div>
<div>* Mobile - user logs in with a mobile number. We can either
just add mobile number to the username field or add a new
mobile field and require uniqueness on that field. In this
mode verify mobile number should be enabled by default.</div>
</div>
</blockquote></span>
For the "Mobile" support, isn't an option to remove default
username/password Authenticator and add new Authenticator based on
mobile number? Also registration screen can be customized and
account management as well. Also user can already use protocol
mapper to map "mobile_number" attribute to "preferred_username" or
whatever he wants into access token.<br>
<br>
TBH advantages of introducing new option are bit unclear to me. It
looks like adding another complexity, which is not needed as
authentication with mobile can be done with the SPIs we have now
IMO.<br>
<br>
Marek<br>
<blockquote type="cite"><span class="">
<div dir="ltr">
<div><br>
</div>
<div>With regards to implementation I think it would be easier
to make the existing username/password authenticator,
registration form and account management adopt to the mode
rather than have separate authenticators, etc.. for each mode.</div>
</div>
<br>
<fieldset></fieldset>
<br>
</span><pre>_______________________________________________
keycloak-dev mailing list
<a href="mailto:keycloak-dev@lists.jboss.org" target="_blank">keycloak-dev@lists.jboss.org</a>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-dev</a></pre>
</blockquote>
<br>
</div>
</blockquote></div><br></div>