<div dir="ltr">Hi Stian,<div><br></div><div>I do have a working direct grants flow. I also have some SPIs to complete the entire set of functionality that was requested. Sadly, I cannot modify those requirements and it is not possible to use the browser based login (I would love to, really!). </div><div><br></div><div>What I did today was I created some SPIs under /auth/realms/realm/that allows me to get the following</div><div><br></div><div>- otp image base64 url encoded.</div><div>- otp secret and code</div><div><br></div><div>another endpoint that using those parameters plus a code from the authenticator, set up the otp to the specified user and finally an endpoint to check if otp is enabled and remove it from the account.</div><div><br></div><div>I'm testing it right now and seems to be working pretty well. </div><div><br></div><div>I think that resolved my issues so far, unless I find something odd in the next days :)</div><div><br></div><div>Thanks,</div><div><br></div><div>Regards,</div><div>Fab</div></div><div class="gmail_extra"><br><div class="gmail_quote">On 27 May 2016 at 15:33, Stian Thorgersen <span dir="ltr"><<a href="mailto:sthorger@redhat.com" target="_blank">sthorger@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Do you have login working without OTP? That would be the first step and it sounds like you may not have that working based on you're looking at account management console. You should use direct grant api (what OIDC calls resource owner credential grant). Take a look at <a href="http://keycloak.github.io/docs/userguide/keycloak-server/html/direct-access-grants.html" target="_blank">http://keycloak.github.io/docs/userguide/keycloak-server/html/direct-access-grants.html</a>.<div><br></div><div>Also, seriously reconsider how you're doing this implementation. For a better user experience I would strongly recommend using an external user agent. This is what is recommended by OAuth/OIDC specs as well as by us.<br><div class="gmail_extra"><br><div class="gmail_quote"><div><div class="h5">On 27 May 2016 at 01:39, Fabricio Milone <span dir="ltr"><<a href="mailto:fabricio.milone@shinetech.com" target="_blank">fabricio.milone@shinetech.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div dir="ltr">Hi all,<div><br></div><div>I am trying to find a way to setup a (optional) TOTP for an specific user using an endpoint, but I couldn't find anything like that in the documentation. Is that even possible? is it something that you will include at some point in your roadmap?</div></div></blockquote><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div dir="ltr"><div><br></div><div>The scenario is a native mobile app using keycloak through endpoints (registration, login, logout, etc). I know that's not the way you recommend, but sadly I cannot change that.</div></div></blockquote></div></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div><div class="h5"><div dir="ltr"><div><br></div><div>TOTP is currently working if I set it up using the account management console and I'm trying to re use those calls, but they use cookies included in the requests and that model just doesn't fit on my requirements.</div><div><br></div><div>I'd really appreciate a little guidance if it is possible to create an SPI (I have some already) to do such task.</div><div><br></div><div>Thanks in advance,</div><div><br></div><div>Regards,</div><div>Fab</div><div><div><br></div>-- <br><div data-smartmail="gmail_signature"><div dir="ltr"><div><span style="font-size:12.8px;font-family:Verdana,Arial,Helvetica,sans-serif"><b><font color="#000000">Fabricio Milone</font></b></span></div><div><span style="font-size:12.8px;font-family:Verdana,Arial,Helvetica,sans-serif"><font color="#000000">Developer</font></span></div><span style="font-size:12.8px;font-family:Verdana,Arial,Helvetica,sans-serif"><b><font color="#009900"><div><span style="font-size:12.8px;font-family:Verdana,Arial,Helvetica,sans-serif"><b><font color="#009900"><br></font></b></span></div>Shine Consulting </font></b></span><span style="font-size:12.8px;font-family:Verdana,Arial,Helvetica,sans-serif"><p style="font-size:13.3px;color:rgb(0,153,0);margin:0pt"><span style="color:rgb(0,0,0)">30/600 Bourke Street</span></p><p style="font-size:13.3px;color:rgb(0,153,0);margin:0pt"><span style="color:rgb(0,0,0)">Melbourne VIC 3000</span></p><p style="font-size:13.3px;color:rgb(0,153,0);margin:0pt"><span style="color:rgb(0,0,0)">T: 03 8488 9939</span></p><p style="font-size:13.3px;color:rgb(0,153,0);margin:0pt"><span style="color:rgb(0,0,0)">M: 04 3200 4006</span></p><p style="font-size:13.3px;color:rgb(0,153,0);margin:0pt"><span style="color:rgb(0,0,0)"><br></span></p></span><span style="font-size:13.3px;font-family:Verdana,Arial,Helvetica,sans-serif"><span style="font-size:13.3px"><p style="margin:0pt"><a href="http://www.shinetech.com/" style="color:rgb(51,51,51)" target="_blank">www.shinetech.com</a><font color="#333333"> </font><i style="color:rgb(51,51,51)"><b>a</b></i><font color="#333333"> passion for excellence</font></p></span></span></div></div>
</div></div>
<br></div></div>_______________________________________________<br>
keycloak-user mailing list<br>
<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br></blockquote></div><br></div></div></div>
</blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><span style="font-size:12.8px;font-family:Verdana,Arial,Helvetica,sans-serif"><b><font color="#000000">Fabricio Milone</font></b></span></div><div><span style="font-size:12.8px;font-family:Verdana,Arial,Helvetica,sans-serif"><font color="#000000">Developer</font></span></div><span style="font-size:12.8px;font-family:Verdana,Arial,Helvetica,sans-serif"><b><font color="#009900"><div><span style="font-size:12.8px;font-family:Verdana,Arial,Helvetica,sans-serif"><b><font color="#009900"><br></font></b></span></div>Shine Consulting </font></b></span><span style="font-size:12.8px;font-family:Verdana,Arial,Helvetica,sans-serif"><p style="font-size:13.3px;color:rgb(0,153,0);margin:0pt"><span style="color:rgb(0,0,0)">30/600 Bourke Street</span></p><p style="font-size:13.3px;color:rgb(0,153,0);margin:0pt"><span style="color:rgb(0,0,0)">Melbourne VIC 3000</span></p><p style="font-size:13.3px;color:rgb(0,153,0);margin:0pt"><span style="color:rgb(0,0,0)">T: 03 8488 9939</span></p><p style="font-size:13.3px;color:rgb(0,153,0);margin:0pt"><span style="color:rgb(0,0,0)">M: 04 3200 4006</span></p><p style="font-size:13.3px;color:rgb(0,153,0);margin:0pt"><span style="color:rgb(0,0,0)"><br></span></p></span><span style="font-size:13.3px;font-family:Verdana,Arial,Helvetica,sans-serif"><span style="font-size:13.3px"><p style="margin:0pt"><a href="http://www.shinetech.com/" style="color:rgb(51,51,51)" target="_blank">www.shinetech.com</a><font color="#333333"> </font><i style="color:rgb(51,51,51)"><b>a</b></i><font color="#333333"> passion for excellence</font></p></span></span></div></div>
</div>