<div dir="ltr">We are planning to add the ability for an application to require a user to re-authenticate. There's basically two parts to that. First the token needs to contain the time the user authenticated, secondly the application needs to be able to require user login screen to be displayed even if the user is already authenticated.<div><br></div><div>Not sure if this is sufficient for your requirements though. I'd probably rewrite my requirements a bit if I was you and rather than having a one-time access token require a user to have re-authenticated within a short time (a few minutes maybe) for sensitive operations.</div></div><div class="gmail_extra"><br><div class="gmail_quote">On 8 September 2016 at 12:01, Wieloch, Marcin <span dir="ltr"><<a href="mailto:Marcin.Wieloch@sicpa.com" target="_blank">Marcin.Wieloch@sicpa.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div style="word-wrap:break-word;color:rgb(0,0,0);font-size:14px;font-family:Calibri,sans-serif">
<div>
<div>Hi,</div>
<div><br>
</div>
<div>I am working on a system where we would like to enforce that for some particular resources</div>
<div>the resource owner has to authorise each access to such a resource. In other words, we want </div>
<div>the user to re-type in his username and password each time he executes a particular operation.</div>
<div><br>
</div>
<div>In this context, does Keycloak provide something like 'one-time' access tokens?</div>
<div>Or does it maybe support such a use case in yet another way?</div>
<div><br>
</div>
<div>Best regards,</div>
<div>Marcin</div>
</div>
<div><p></p><hr>
The information in this email and any attachments is confidential and intended solely for the use of the individual(s) to whom it is addressed or otherwise directed. Please note that any views or opinions presented in this email are solely those of the author and do not necessarily represent those of the Company. Finally, the recipient should check this email and any attachments for the presence of viruses. The Company accepts no liability for any damage caused by any virus transmitted by this email.
<p></p></div>
</div>
<br>______________________________<wbr>_________________<br>
keycloak-user mailing list<br>
<a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/<wbr>mailman/listinfo/keycloak-user</a><br></blockquote></div><br></div>