[keycloak-user] How to login without username and password

Dmitry Telegin dt at acutus.pro
Thu Aug 2 00:52:06 EDT 2018


Hi,

The power of Keycloak is in its total flexibility and extensibility. You can completely redo your login flow without changing a single line in Keycloak's codebase.

First, you should begin with a username form (or mobile number entry, in your case). You can do it similarly to the "Choose user" execution:
https://github.com/keycloak/keycloak/blob/master/services/src/main/java/org/keycloak/authentication/authenticators/resetcred/ResetCredentialChooseUser.java

It is designed for the "reset credentials" flow, but should serve as a good starting point for you. SMS entry and validation can be implemented in a similar way.

Good luck!
Dmitry Telegin
CTO, Acutus s.r.o.
Keycloak Consulting and Training

Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
+42 (022) 888-30-71
E-mail: info at acutus.pro

On Tue, 2018-07-24 at 21:24 +0800, bejond wrote:
> Hi developers,
>     I want to use mobile number and SMS text code to login to keycloak. But keycloak requires username and password to login. I copy Authentication of Browser, and remove "Username Password Form", and I add my own "Mobile OTP" SPI. When I open login page, it shows "Invalid username or password", the log says
> 
> " 21:00:03,638 WARN  [org.keycloak.events] (default task-106) type=LOGIN_ERROR, realmId=test1, clientId=security-admin-console, userId=null, ipAddress=127.0.0.1, error=invalid_redirect_uri, redirect_uri=http://localhost:8080/auth/admin/master/console/
> 21:00:45,711 WARN  [org.keycloak.services] (default task-107) KC-SERVICES0013: Failed authentication: org.keycloak.authentication.AuthenticationFlowException: authenticator: mobile-otp-authenticator"
> 
>    Is there a way to remove "Username and Password Form" and login with my own SPI? Or can I override default "Username and Password Form" with my own logic? I mean "override" is: I write a new SPI without changing keycloak source code.
>    If I can't achieve this, I think I need to use other OAuth open source application and bind to keycloak as an Identity Provider and change the source of OAuth application to achieve my goal. It will be better if I can achieve my goal without another IdP.
>    Thanks in advance.
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
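
The first step suggested in the reply above (a form that identifies the user by mobile number, in the manner of the "Choose user" execution), as an added example that is not part of the original thread or of Keycloak's own code. It is written against the Keycloak 4.x-era Authenticator SPI current when the thread was posted; the class name, the `mobile_number` attribute and form field, the `mobile-number.ftl` template and the `invalidMobileNumber` message key are assumptions.

```java
package example; // hypothetical package

import java.util.Collections;
import java.util.List;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.Response;
import org.keycloak.authentication.AuthenticationFlowContext;
import org.keycloak.authentication.AuthenticationFlowError;
import org.keycloak.authentication.Authenticator;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;

public class MobileNumberChooseUser implements Authenticator {
    static final String ATTR = "mobile_number";     // assumed user attribute and form field name
    static final String FORM = "mobile-number.ftl"; // assumed template in the login theme

    @Override
    public void authenticate(AuthenticationFlowContext context) {
        // First visit: no user is known yet, so just render the number-entry form.
        context.challenge(context.form().createForm(FORM));
    }

    @Override
    public void action(AuthenticationFlowContext context) {
        MultivaluedMap<String, String> form = context.getHttpRequest().getDecodedFormParameters();
        String raw = form.getFirst(ATTR);
        String number = raw == null ? "" : raw.replaceAll("[\\s()-]", "");
        // Only query the user store with input that looks like a phone number.
        List<UserModel> matches = number.matches("\\+?[0-9]{6,15}")
                ? context.getSession().users().searchForUserByUserAttribute(ATTR, number, context.getRealm())
                : Collections.<UserModel>emptyList();
        // One generic error for malformed, unknown, ambiguous or disabled accounts.
        if (matches.size() != 1 || !matches.get(0).isEnabled()) {
            Response again = context.form().setError("invalidMobileNumber").createForm(FORM);
            context.failureChallenge(AuthenticationFlowError.INVALID_USER, again);
            return;
        }
        context.setUser(matches.get(0)); // later executions (the SMS code check) can now require a user
        context.success();
    }

    // This execution establishes the user, so it must not require one to exist already.
    @Override public boolean requiresUser() { return false; }
    @Override public boolean configuredFor(KeycloakSession s, RealmModel r, UserModel u) { return true; }
    @Override public void setRequiredActions(KeycloakSession s, RealmModel r, UserModel u) { }
    @Override public void close() { }
}
```

An `AuthenticatorFactory` that registers this class, and the template itself, are still needed before the execution can be added to a copied browser flow. Later Keycloak releases changed the user-lookup method and the JAX-RS package name, so adjust the imports and the lookup call for the version in use.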

