Re: [keycloak-dev] Why do I have to enter the OTP?

I think what you meant was something like this https://www.duosecurity.com/product/user-experience/authentication, right? On 2015-01-13, Bill Burke wrote: > > > On 1/13/2015 11:19 AM, Summers Pittman wrote: >> On 01/13/2015 11:11 AM, Bill Burke wrote: >>> Why does a user have to enter in the OTP generated by their mobile >>> device? Wouldn't it be cooler if the steps were: >>> >>> 1. Enter in username password in the browser >>> 2. Browser blocks and wait for... >>> 3. Press a button on your OTP iphone app >>> 4. iphone app sends an HTTP message to Keycloak with username and >>> generated OTP (in background) >>> 5. Keycloak sees if a browser app is waiting for OTP verification, then >>> verifies OTP if so. >>> 6. Browser unblocks and lets user in. >>> >>> Now, the user doesn't ever have to enter the OTP (and mess it up like I >>> do all the time). They just need their mobile device. >>> >>> >>> >> Even better, in Android this can be done from an interactive >> notification. You won't even need to open the app. >> > > Probably the same in iOS, no? > > -- > Bill Burke > JBoss, a division of Red Hat > http://bill.burkecentral.com > _______________________________________________ > keycloak-dev mailing list > keycloak-dev(a)lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-dev -- abstractj PGP: 0x84DC9914