[keycloak-user] New authenticator with CompletableFuture as the only authenticating factor

Daniel Radzikowski dradzikowski at bluesoft.net.pl
Tue Feb 21 10:09:30 EST 2017 

Thanks for the answer!

On callback I'm setting the attribute in client session and it works fine.
When submitting the form, *action()* method checks the attribute and
creates user session the way I wanted.

The question now is how to poll to check if the form can be submitted
automatically with JavaScript. Is there any endpoint to see if session
attribute has already been set? Or should I use extensions
http://www.keycloak.org/docs/2.5/server_development_guide/topics/extensions.html
and
implement my own endpoint?

Any suggestions appreciated.

2017-02-15 20:43 GMT+01:00 Bill Burke <bburke at redhat.com>:

> We don't support async HTTP.  So you either need to block or have your
> login page poll.  If you poll, then your async callback is gonna have to
> re-create a KeycloakSession object.  I suggest you have your
> authenticate() method check to see if a clientSession attribute is set
> or not and have the callback locate the clientSession and set this
> variable.  Hope I'm making sense.
>
>
> On 2/15/17 10:59 AM, Daniel Radzikowski wrote:
> > Hi,
> >
> > I'm trying to implement new authenticator for Mobile Connect. It is a bit
> > unusual flow, where the first method *void
> > authenticate(AuthenticationFlowContext context)* before returning a
> > challenge, calls a REST API, which prompts user mobile phone with 'Click
> > OK' button. This API call waits until the user clicks OK (or timeouts),
> so
> > in order not to block the request, it is wrapped in CompletableFuture and
> > the login page (with no inputs) is immediately returned to the browser.
> > (browser should't wait for the API call result).
> >
> > The problem is when the CompletableFuture is completed and calls a
> > callback. It's the place where the authentication should occur, but I
> don't
> > have any idea how to do it. The only authenticating factor is OK response
> > from this API. Can I set the authentication somehow bypassing the whole
> > processor (calling method *action(AuthenticationFlowContext context)* on
> > its way)? I thought I will eventually call the *action *from the browser
> > (with ajax) and only check if the session is already created. The only
> > thing that I can pass to the callback is an AuthenticationFlowContext
> data
> > obtained from the first *action(AuthenticationFlowContext context)*
> call.
> > Is there any way to do it?
> >
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>



-- 
Pozdrawiam,
Daniel Radzikowski.

More information about the keycloak-user mailing list