[keycloak-user] Authorization of action in application (client of KC)

Dmitry Telegin dt at acutus.pro
Fri Dec 21 08:29:55 EST 2018


Sorry, forgot the link:
https://www.keycloak.org/docs/latest/server_development/index.html#_action_token_spi

Dmitry

On Fri, 2018-12-21 at 16:19 +0300, Dmitry Telegin wrote:
> Hello Nikola,
> 
> On Thu, 2018-12-20 at 16:57 +0100, Nikola Malenic wrote:
> > I have a use case where I have to authorize an action in my
> > application taken by the user. Here is how it should go:
> > 
> > The user is logged in at KC and using my application. Now, my
> > application would need to authorize one user action by sending the
> > user to KC, where he would enter his OTP, and then my application
> > would get some kind of proof that the user authorized the action (I
> > don't know what that should be, yet).
> 
> Seems like what you want is "step-up authentication". It's been on
> the list since 2014, but AFAIK there has been no progress so far:
> https://issues.jboss.org/browse/KEYCLOAK-847
> https://issues.jboss.org/browse/KEYCLOAK-4182
> http://lists.jboss.org/pipermail/keycloak-dev/2017-April/009245.html
> 
> I'm also adding Thomas Darimont to CC: as probably no one knows this
> topic better than he does.
>  
> > Do you have any idea how this could be achieved using KC? I guess
> > action SPI would somehow be used.
> 
> If you're talking about Action Token SPI [1], I'm afraid this is not
> very relevant here. Action tokens are issued by Keycloak and allow
> users to perform special actions like password reset. OTOH, your case
> is about conditionally executing a part of the authentication flow on
> the client's request.
> 
> Cheers,
> Dmitry Telegin
> CTO, Acutus s.r.o.
> Keycloak Consulting and Training
> 
> Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
> +42 (022) 888-30-71
> E-mail: info at acutus.pro
> 
> > 
> > Thank you in advance,
> > Nikola
> > 
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-user

